09-20-2021 11:07 AM
Hi All,
Looking for a little direction if possible.
We have four Firepower firewalls along an edge at different locations sharing an ACL policy and NAT policy on the FMC. So we make a change in the policy, it is pushed to all four Firewalls.
However, there are a handful of rules that are specific to each Firewall only (and not the others). Say for example, each has its own specific DMZ which isn't in the same zone/IG as the other firewall interfaces. Now, when I add those rules specific to only one Firewall into the policy and try to push the policy to all Firewalls, I get the "this policy references interface not applicable to this firewall" error (words to that effect) which makes total sense.
So what would be best practice in this instance? Ideally, I would like to be able to apply multiple policies to each Firewall...one policy all four firewall have, then a single policy for each of the firewalls containing only the 'locally significant' stuff, but that doesn't seem like a thing.
Any advice (such as read about xxxx) would be greatly appreciated.
Thanks in advance
Steve
09-20-2021 07:28 PM
I believe you can do this by implementing Access Control Policies with the "Inheritance" feature. More details can be found here:
09-20-2021 11:56 PM
Great, that looks like what I am after...Thank you for taking the time!