Move a Rule from One FDM-Managed Device Policy to Another FDM-Managed Device Policy

When moving rules from one FDM-managed device policy to another FDM-managed device policy, objects associated with those rules are copied to the new FDM-managed device as well.

CDO validates some conditions when pasting the rules. For more information on those conditions, see Behavior of Objects when Pasting Rules to Another FTD.

To move rules to another FDM-managed device, follow this procedure:

Procedure


Step 1

In the navigation pane, click Inventory.

Step 2

Click the Devices tab to locate the device or the Templates tab to locate the model device.

Step 3

Click the FTD tab and select the FDM-managed device you want to copy the rule from.

Step 4

In the Management pane on the right, click Policy.

Step 5

Select one or more access control rules you want to move and click Cut in the Actions pane on the right.

Step 6

Click Inventory and navigate to the FDM-managed device you want to move one or more selected rules to.

Step 7

In the Management pane on the right, click Policy.

Step 8

In the policy where you want to paste the rule(s) you just cut, select the rule that your cut rule should precede or follow and, in the Actions pane, click Paste Before or Paste After.

  • Paste Before automatically one or more rules above the selected rule, so the cut rules evaluate network traffic before the selected rule.

  • Paste After automatically one or more rules below the selected rule, so the cut rules evaluate network traffic after the selected rule.

The paste operation can be performed multiple times at any required position.

Note

When pasting rules within an FDM-managed device, if a rule with the same name exists, '-Copy' is appended to the original name. If the renamed name also exists, '- Copy n' is appended to the original name. For example, 'rule name - Copy 2'.

Step 9

When you copy rules from one FDM-managed device to another, the Configuration Status of source and destination devices are in 'Not Synced' state. Review your changes and Deploy Configuration Changes from Cisco Defense Orchestrator to FDM-Managed Devices now or wait and deploy multiple changes at once.