How It Works
Network constructs such as IP address are not reliable in virtual, cloud and container environments due to the dynamic nature of the workloads and the inevitability of IP address overlap. Customers require policy rules to be defined based on non-network constructs such as VM name or security group, so that firewall policy is persistent even when the IP address or VLAN changes.
The following figure shows how the system functions at a high level.
-
The system supports certain public cloud providers.
This topic discusses supported connectors (which are the connections to those providers).
-
The adapter defined by the dynamic attributes connector receives those dynamic attributes filters as dynamic objects and enables you to use them in access control rules.
You can create the following types of adapters:
-
On-Prem Firewall Management Center for an on-premises device.
This type of device might be managed by Cisco Defense Orchestrator (CDO) or it might be a standalone.
-
Cloud-delivered Firewall Management Center for devices managed by CDO.
-