A new feature in the version 7.0 release of Cisco FMC/FTD (aka Cisco Secure Firewall) is Dynamic Objects. A Dynamic Object is a list of IP addresses/subnets. Unlike a regular network object, changes to a Dynamic Object group take place immediately, without the need to deploy a policy to the FTD. The IP addresses within the Dynamic Object group are managed using the API. This post covers the configuration of a Dynamic Object group and demonstrates how to add IP addresses to the group using the API tool Postman.
Configuration
Very little configuration is required within the FMC: a Dynamic Object is created and then referenced in the Access Control rule.
- Log in to the FMC
- Navigate to Objects > Object Management > External Attributes > Dynamic Object
- Click Add Dynamic Objects