Create or Edit a Ruleset

You can create a ruleset and add new access control rules to it.

Use the following procedure to create a ruleset for multiple FDM-managed devices:

Procedure


Step 1

In the navigation pane, click Policies > FTD Rulesets.

Step 2

Click the plus button to create a new ruleset.

Note

To edit an existing ruleset, select the ruleset and click the edit icon.

Step 3

Enter a name for the ruleset and then click Create.

Step 4

Create access control rules to add them to the ruleset. See Configure the FDM Access Control Policy for instructions.

Note

Access control rules in rulesets don't support Users criteria.

Step 5

In the upper right corner of the window, select the ruleset's priority. The priority can be set only while no device is attached to the ruleset. This selection affects all of the rules included in this ruleset and how they are handled on the devices:

  • Top: The ruleset is processed before all other rules on the device. Rules are ordered at the top of the rule list and are processed first. No other ruleset can precede the rules in this policy. You can only have one top ruleset per device.

  • Bottom: The ruleset is processed after all other rules on the device. Other than the policy's default action, no other ruleset can follow the rules in this policy. You can only have one bottom ruleset per device. By default, the priority is set to Bottom.

Local Rules displays all of the device-specific rules on the device.

Note

The priority cannot be changed while a ruleset is attached to a device. You must detach the device first and then change the priority.

Step 6

Click Save. You can create as many rules as you want.

Step 7

(Optional) For any rule that you created, you can select it and add a comment about it in the Add Comments field. To learn more about rule comments, see Adding Comments to Rules in FTD Policies and Rulesets.

Note
  • You can change the order of rules in a ruleset even if you have devices attached to the ruleset. Use the following procedure to change the order of rules in a ruleset:

    1. In the navigation pane, click Policies > Rulesets and select the ruleset you want to modify.

    2. Select a rule that you want to move.

    3. Hover the cursor inside the rule row and use the Move Up or Move Down arrow to move the rule to the desired order.

  • CDO allows you to override objects associated with the rules of a ruleset. When you add a new object to a rule, you can override it only after you attach a device to the ruleset and save the changes.
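
The Top and Bottom priorities from Step 5 decide where ruleset rules land relative to a device's Local Rules, so it is worth checking before attaching a device whether a Top ruleset will hide a local rule. The following is an added example, not Cisco code and not a CDO API: it models the effective order and flags local rules that an earlier rule fully covers. It assumes first-match evaluation and a simplified match on literal source, destination and port strings; all rule names and addresses are constructed.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    origin: str   # "top-ruleset", "local", or "bottom-ruleset"
    src: str
    dst: str
    port: str
    action: str   # "ALLOW" or "BLOCK"

def effective_order(top, local, bottom):
    """Top ruleset first, then the device's Local Rules, then the Bottom ruleset."""
    return list(top) + list(local) + list(bottom)

def covers(a, b):
    """True if rule a matches everything rule b matches (simplified model)."""
    pairs = ((a.src, b.src), (a.dst, b.dst), (a.port, b.port))
    return all(x == ANY or x == y for x, y in pairs)

def shadowed(rules):
    """Return (hidden_rule, hiding_rule) name pairs, in processing order."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

def decide(rules, src, dst, port, default_action="BLOCK"):
    """First matching rule wins; otherwise the policy's default action applies."""
    packet = Rule("packet", "packet", src, dst, port, "")
    for rule in rules:
        if covers(rule, packet):
            return rule.action, rule.name
    return default_action, "default action"

# Constructed sample policy: one Top ruleset, two Local Rules, one Bottom ruleset.
TOP = [Rule("block-telnet", "top-ruleset", ANY, ANY, "23", "BLOCK")]
LOCAL = [Rule("allow-mgmt-telnet", "local", "10.0.0.5", "10.0.9.1", "23", "ALLOW"),
         Rule("allow-web", "local", ANY, "10.0.2.10", "443", "ALLOW")]
BOTTOM = [Rule("block-rest", "bottom-ruleset", ANY, ANY, ANY, "BLOCK")]
ORDER = effective_order(TOP, LOCAL, BOTTOM)

if __name__ == "__main__":
    for hidden, by in shadowed(ORDER):
        print(f"{hidden} never matches: covered by {by}")
```

In this sample the local rule allow-mgmt-telnet is reported as covered by the Top ruleset's block-telnet, which is the kind of conflict to resolve before attaching the device.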