This blog is a guest post by Sameer Singh from Cisco Blogs, where it was originally posted.

Today, more organizations are embracing microservices and dynamic infrastructure deployments in cloud environments. In these environments, instances and services can be created and decommissioned as needed, which means keeping track of updates to such components in a fast-changing environment is a challenge for SecOps teams. This new reality requires solutions that are as dynamic as the environments they need to automate.

Here’s an example: a security policy configured on the Cisco Secure Firewall allows traffic from one service to another based on their IP addresses. It is effective as long as the IP address does not change. If the destination node goes down or becomes inaccessible, another node will replace it, making the policy ineffective. The policy does not dynamically change on the Firewall - it needs an administrator to log into the device and manually update it unless the Cisco Secure Firewall Management Center (FMC) receives dynamic updates to modify the policy rules based on the attributes of the node.

Cisco Secure Dynamic Attribute Connector (CSDAC) and Dynamic Objects on the Cisco Secure Firewall Management Center (FMC) allow changes to IP addresses or other node attributes to be propagated to the Firewall in real-time, eliminating the need to update security policies manually.

Alternatively, IP address mappings in the Dynamic Objects on FMC can be automatically created, updated, and deleted using HashiCorp’s Consul-Terraform-Sync (CTS) solution.

Network Automation with Consul-Terraform-Sync

For customers who use HashiCorp Terraform and Consul, this is the preferred solution.