Thread: Dynamic objects...Have I got the wrong idea
View Single Post
  #3 (permalink)  
Old 2008-03-10
mcarey mcarey is offline
Member
  
Join Date: 2006-05-08
Posts: 62
Rep Power: 3
mcarey has an average reputation (10+)
Default Re: Dynamic objects...Have I got the wrong idea
So I want to create a Global rule that allows my "Admin-Subnet" HTTPS and SSH access to the firewall itself.

I was hoping to have the rule as:

Source: Admin-Subnet
Destination: DynamicObject_Firewall

So instead of creating a group with all the firewalls in it, I have one Dynamic Object that recognizes when the global policy is on Firewall A, the destination would be to Firewall A. That way, when a new security gateway is added to SmartDashboard, it is already inherently in that Dynamic Object, I don't have to add it to a Simple Group.

It sounds like I would have to go to each firewall and add a host entry that is

DynamicObject_Firewall 10.1.1.1 (or whatever that specific firewall Management IP address is?)

Doesn't this just move all the work from the SmartDashboard to the secure gateway itself?
Reply With Quote