cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3968
Views
15
Helpful
2
Replies

Mandatory and default categories for ACRs in FMC

anazarenko
Level 1
Level 1

I still  don't understand the logic:

mandatories rules are checked like and ACL, but default rules are in oposite direction?

Are their any best practices in which categories to keep which rules?

 

 

1 Accepted Solution

Accepted Solutions

Oliver Kaiser
Level 7
Level 7

I get where your confusion is coming from. Sections are irrelevant if you dont use policy inheritance. If you inherite a base policy you can use sections to enforce certain rules before/after your child policy like this:

 

PARENT POLICY - MANDATORY SECTION

CHILD POLICY - MANDATORY SECTION

CHILD POLICY - DEFAULT SECTION

PARENT POLICY - DEFAULT SECTION

 

Your parent policy would basically wrap around your child policy to enforce rules from the parents mandatory section before the sections of your child policy are enforced. After your child policies default section is enforced the parents default section is being evaluated.

 

Let me know if that makes sense. :)

View solution in original post

2 Replies 2

Oliver Kaiser
Level 7
Level 7

I get where your confusion is coming from. Sections are irrelevant if you dont use policy inheritance. If you inherite a base policy you can use sections to enforce certain rules before/after your child policy like this:

 

PARENT POLICY - MANDATORY SECTION

CHILD POLICY - MANDATORY SECTION

CHILD POLICY - DEFAULT SECTION

PARENT POLICY - DEFAULT SECTION

 

Your parent policy would basically wrap around your child policy to enforce rules from the parents mandatory section before the sections of your child policy are enforced. After your child policies default section is enforced the parents default section is being evaluated.

 

Let me know if that makes sense. :)

thanks it makes sence now.

Review Cisco Networking for a $25 gift card