Policy Lists
Use the Configure Policy List page to create, copy, and edit policy list policy objects. You can create policy list objects to use when you are configuring route maps. When a policy list is referenced within a route map, all of the match statements within the policy list are evaluated and processed. Two or more policy lists can be configured with a route map. A policy list can also coexist with any other preexisting match and set statements that are configured within the same route map but outside of the policy list. When multiple policy lists perform matching within a route map entry, all policy lists match on the incoming attribute only.
You can use this object with FTD devices.
Procedure
Step 1 | Select Policy List from the table of contents. and choose |
Step 2 | Click Add Policy List. |
Step 3 | Enter a name for the policy list object in the Name field. Object names are not case-sensitive. |
Step 4 | Select whether to allow or block access for matching conditions from the Action drop-down list. |
Step 5 | Click the Interface tab to distribute routes that have their next hop out of one of the interfaces specified. In the Zones/Interfaces list, add the zones that contain the interfaces through which the device communicates with the management station. For interfaces not in a zone, you can type the interface name into the field below the Selected Zone/Interface list and click Add. The host will be configured on a device only if the device includes the selected interfaces or zones. |
Step 6 | Click the Address tab to redistribute any routes that have a destination address that is permitted by a standard access list or prefix list. Choose whether to use an Access List or Prefix List for matching and then enter or select the Standard Access List Objects or Prefix list objects you want to use for matching. |
Step 7 | Click the Next Hop tab to redistribute any routes that have a next hop router address passed by one of the access lists or prefix lists specified. Choose whether to use an Access List or Prefix List for matching and then enter or select the Standard Access List Objects or Prefix list objects you want to use for matching. |
Step 8 | Click the Route Source tab to redistribute routes that have been advertised by routers and access servers at the address specified by the access lists or prefix list. Choose whether to use an Access List or Prefix List for matching and then enter or select the Standard Access List Objects or Prefix list objects you want to use for matching. |
Step 9 | Click the AS Path tab to match a BGP autonomous system path. If you specify more than one AS path, then the route can match either AS path. |
Step 10 | Click the Community Rule tab to enable matching of the BGP community or extended community with the specified community list objects or the extended community list objects respectively. If you specify more than one rule, the routes are verified against the rules until a matching permit or deny is met. |
Step 11 | Click the Metric & tag tab to match the metric and security group tag of a route.
|
Step 12 | If you want to allow overrides for this object, check the Allow Overrides check box; see Allowing Object Overrides. |
Step 13 | Click Save. |