Introduction to Objects
An object is a reusable container of information that you can use in one or more security policies. Objects help you maintain policy consistency because you can define a value once, use it in multiple policies, and update every policy that uses the object by changing the object.
When you onboard a device, Security Cloud Control Firewall Management recognizes all the objects used by that device, saves them, and lists them on the Objects page. From the Objects page, you can edit existing objects and create new ones to use in your security policies.
Security Cloud Control Firewall
Management calls an object used on multiple devices a shared object and identifies them in the Objects page with this badge
.
You can use Security Cloud Control Firewall Management to manage objects in these ways:
-
Search for and filter all your objects based on a variety of criteria.
-
Find duplicate, unused, and inconsistent objects, and then consolidate, delete, resolve, ignore, or unignore object issues.
-
Find and delete unassociated objects if they are not needed.
-
Discover objects that are shared across devices.
-
Evaluate which policies and devices are affected before you commit an object change.
-
Compare a set of objects and their relationships with different policies and devices.
-
Capture objects that are in use after a device is onboarded to Security Cloud Control Firewall Management.
Sometimes a shared object develops some "issue" and is no longer perfectly shared across multiple policies or devices:
-
Duplicate objects: Two or more objects on the same device have different names but the same values. These objects usually serve similar purposes and are used by different policies. Duplicate objects are identified by this issue icon:

-
Inconsistent objects: Two or more devices have objects with the same name but different values. This issue can occur when objects start with the same name and content but later diverge. Inconsistent objects are identified by this issue icon:

-
Unused objects: An object exists in a device configuration but is not referenced by another object, an access list, or a NAT rule. Unused objects are identified by this issue icon:

You can also create objects for immediate use in rules or policies. You can create an object that is unassociated with any rule or policy. When you use that unassociated object in a rule or policy, Security Cloud Control Firewall Management creates a copy of it and uses the copy.
You can view the objects managed by Security Cloud Control Firewall Management by navigating to the Objects menu or by viewing them in the details of a network policy.
If you have issues with creating, editing, or reading objects from an onboarded device, see Troubleshoot Security Cloud Control for more information.
Shared objects
A shared object is an object on multiple devices that has the same name and the same contents. Shared objects help you maintain policies because one object change affects every policy that uses that shared object.
When looking at a shared object, Security Cloud Control shows you the contents of the object in the object table. Shared objects have exactly the same contents. Security Cloud Control shows you a combined or "flattened" view of the elements of the object in the details pane. Notice that in the details pane, the network elements are flattened into a simple list and not directly associated with a named object.
Object Overrides
An object override lets you customize a shared object for specific devices. When a device has an override, Security Cloud Control Firewall Management uses the override value for that device instead of the object's default value.
Overrides allow you to maintain a single shared policy across devices while tailoring individual object values where needed.
Use overrides when you want to maintain one shared policy across devices but need specific devices to use different object values. For example, a shared print-server object can use the default value 10.1.1.100 for most offices, while Office B uses an override value of 10.2.1.100.
Overrides on network object groups
For network object groups, overrides fully replace the default values for the devices that are assigned to the override. A device with an override receives only the override values, not the default values.
This replacement behavior has these effects:
-
Changes to default values affect only devices without overrides.
-
Changes to an override affect only the devices assigned to that override.
-
If a device needs the default values plus a local value, add all required values to the override.
For example, a shared dns-servers network group contains default values primary-dns (10.0.1.53) and secondary-dns (10.0.2.53) for Branch A, Branch B, and Branch C. Branch C also needs local-dns-cache (10.30.1.53). Because a network group override replaces the defaults, the Branch C override must contain primary-dns, secondary-dns, and local-dns-cache.
If you later add a default value, such as tertiary-dns, Branch A and Branch B receive the new default value automatically. Branch C does not receive it until you add tertiary-dns to the Branch C override.
Unassociated objects
An unassociated object is not associated with any rule or policy. When you use an unassociated object in a rule or policy, Security Cloud Control Firewall Management creates and uses a copy of that object. The original unassociated object remains available until a nightly maintenance job deletes it or you delete it manually.
Security Cloud Control Firewall Management keeps unassociated objects as a copy so that configuration data is not lost if the related rule or policy is deleted accidentally.
To view unassociated objects, choose Objects >
, and check Unassociated.
Compare objects
Use object comparison to review up to three objects side by side and inspect their details and relationships.
Procedure
|
Step 1 |
In the left pane, click Objects and choose an option. |
|
Step 2 |
Filter the objects on the page to find the objects you want to compare. |
|
Step 3 |
Click the Compare button |
|
Step 4 |
Select up to three objects. |
|
Step 5 |
Review the objects side-by-side at the bottom of the screen. |
|
Step 6 |
(Optional) In Relationships, select a device name, and then select View Configuration to view the device configuration with the object entry highlighted. |
Object filters
Use filters on the Objects page to find objects by device, issue, shared state, association state, object type, or search value. You can also include or exclude system-defined objects.
The object type filter lets you filter by object types such as network object, network group, URL object, URL group, service object, and service group. The shared objects filter lets you filter objects that have default values, override values, or additional values.
You can combine device and object filters to create focused search strategies. For example, you can search for objects that match this logic: Issues is Unused OR Inconsistent, AND Shared Objects has Default Values OR Additional Values, AND Unassociated Objects is selected.
To filter, click
in the left-hand pane of the Objects tab:
-
Filter by Device: Shows objects found on selected devices.
-
Show System-Defined Objects: Includes predefined system objects in search and filter results. System objects cannot be edited or deleted. Some devices come with predefined objects for common services. These system objects are convenient because they are already made for you and you can use them in your rules and policies. There can be many system objects in the objects table. System objects cannot be edited or deleted.
-
Issues: Shows unused, duplicate, or inconsistent objects. If you select more than one issue, objects in any selected issue category are included.
-
Ignored Issues: Shows objects whose issues were ignored by an administrator.
-
Shared Objects: Shows shared objects. You can filter by default values, override values, additional values, or a combination.
-
Unassociated Objects: Shows objects that are not associated with any rule or policy.
-
Object Type: Shows selected object types, such as network objects, network groups, URL objects, URL groups, service objects, and service groups.
Within a main filter, subfilters can further narrow the results by object type, such as Network, Service, or Protocol. Filters across categories combine with an AND relationship. Multiple selections within a category can combine with an OR relationship.
For example, a filter set can search for objects that match this logic: objects on selected devices AND inconsistent objects AND network objects or service objects AND object names that contain group.
Configure object filters
You can filter on as few or as many criteria as you want. The more categories you filter by, the fewer results you should expect.
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Open the filter panel by clicking the filter icon |
|
Step 3 |
If you want to restrict your results to those found on particular devices:
|
|
Step 4 |
Check Show System Objects to include system objects in your search results. Uncheck Show System Objects to exclude system objects from your search results. |
|
Step 5 |
Check the object Issues you want to filter. If you check more than one issue, objects in any of the categories you check are included in your filter results. |
|
Step 6 |
Check Ignored issues if you want to see the object that had issues but was ignored by the administrator. |
|
Step 7 |
Check the required filter in Shared Objects if you are filtering for objects shared between two or more devices.
|
|
Step 8 |
Check Unassociated if you are filtering for objects that are not part of any rule or policy. |
|
Step 9 |
Check the Object Types you want to filter. |
|
Step 10 |
You can also add an object name, IP address, or port number to the Objects search field to find objects with your search criteria among the filtered results. |
Exclude device filters when you need full relationships
When you filter by device, Security Cloud Control Firewall Management shows objects on that device but does not show the object's relationships to all other devices.
For example, if ObjectA is shared between ASA1 and ASA2, and you filter for shared objects on ASA1, Security Cloud Control Firewall Management shows `ObjectA`, but the Relationships pane shows only that ObjectA is on ASA1.
To view every device and policy relationship for an object, do not specify a device in the filter criteria. Filter by other criteria, select the object, and review the Relationships pane.
Unignore objects
Unignore Objects refers to the process of reversing the action of ignoring certain objects that have been marked as unused, duplicate, or inconsistent. Ignoring objects is a way to temporarily leave unresolved issues with these objects when there are valid reasons. However, if you later decide to address these ignored objects, you can unignore them to bring them back into view and take action.
Procedure
|
Step 1 |
In the left pane, click Objects and choose an option. |
|
Step 2 |
|
|
Step 3 |
In the Object table, select the object you want to unignore. You can unignore one object at a time. |
|
Step 4 |
Click Unignore in the details pane. |
|
Step 5 |
Confirm your request. Now, when you filter your objects by issue, you should find the object that was previously ignored. |
Delete objects
You can delete a single object or mulitple objects.
Delete a single object
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: Changes you make to the ASA, FDM, and FTD network objects and groups are reflected in the corresponding Cloud-Delivered Firewall Management Center network object or group. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the changes to the on-premises Firewall Management Center on which you have these objects. Deleting a network object or group from either page deletes the object or group from both pages. |
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Locate the object you want to delete by using object filters and the search field, and select it. |
|
Step 3 |
Review the Relationships pane. If the object is used in a policy or in an object group, you cannot delete the object until you remove it from that policy or group. |
|
Step 4 |
In the Actions pane, click the Remove icon |
|
Step 5 |
Confirm that you want to delete the object by clicking OK. |
|
Step 6 |
Review and deploy the changes you made, or wait and deploy multiple changes at once. |
Delete a group of unused objects
As you onboard devices and start resolving object issues, you find many unused objects. You can delete up to 50 unused objects at a time.
Procedure
|
Step 1 |
Use the Issues filter to find unused objects. You can also use the Device filter to find objects that are not associated with a device by selecting No Device. |
|
Step 2 |
Check the Select all checkbox in the object table header to select all the objects found by the filter that appear in the object table; or, check individual checkboxes for individual objects you want to delete. |
|
Step 3 |
In the Actions pane, click the Remove icon |
|
Step 4 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Network objects
A network object can contain a host name, a network IP address, a range of IP addresses, a fully qualified domain name (FQDN), or a subnetwork expressed in CIDR notation. Network groups are collections of network objects and other individual addresses or subnetworks that you add to the group. Network objects and network groups are used in access rules, network policies, and NAT rules. You can create, update, and delete network objects and network groups using Security Cloud Control.
Not all platforms support network objects, such as Cisco Meraki and Multicloud Defense; when you share dynamic objects, Security Cloud Control Firewall Management automatically translates the appropriate information from the originating platform or device into a set of usable information that Security Cloud Control Firewall Management can use.
|
Device type |
IPv4 / IPv6 |
Single Address |
Range of addresses |
Fully Qualified Domain Name |
Subnet using CIDR Notation |
|---|---|---|---|---|---|
|
Meraki |
IPv4 |
Yes |
Yes |
Yes |
Yes |
|
Multicloud Defense |
IPv4 and IPv6 |
Yes |
Yes |
Yes |
Yes |
|
Device type |
IP Value |
Network Object |
Network Groups |
|---|---|---|---|
|
Meraki |
Yes |
Yes |
Yes |
|
Multicloud Defense |
Yes |
Yes |
Yes |
Reuse network objects across products
If you have a Security Cloud Control tenant with a Cloud-Delivered Firewall Management Center and one or more on-premises Firewall Management Centers onboarded to your tenant:
-
When you create a Secure Firewall Threat Defense, FDM-managed Firewall Threat Defense, ASA, or Meraki network object or group, a copy of the object is also added to the objects list on the Objects page used when configuring Cloud-Delivered Firewall Management Center, and vice versa.
-
When you create a Secure Firewall Threat Defense, FDM-managed Firewall Threat Defense, or ASA network object or group, an entry is created in the Devices with Pending Changes page for each On-Premises Firewall Management Center for which Discover & Manage Network Objects is enabled. From this list, you can choose and deploy the object to the on-premises Firewall Management Center on which you want to use the object and discard the ones that you do not want. Navigate , select the on-premises Firewall Management Center, and click Objects to see your objects in the On-Premises Firewall Management Center user interface and assign them to policies.
Changes you make to network objects or groups on either page apply to the object or group instance on both pages. Deleting an object from one page also deletes the corresponding copy of the object from the other page.
The following exceptions apply:
-
If a network object of the same name already exists for Cloud-Delivered Firewall Management Center, the new Secure Firewall Threat Defense, FDM-managed Firewall Threat Defense, ASA, or Meraki network object will not be replicated on the Objects page of Security Cloud Control.
-
Network objects and groups in onboarded Firewall Threat Defense devices that are managed by on-premises Secure Firewall Management Center are not replicated and cannot be used in Cloud-Delivered Firewall Management Center.
Note that for on-premises Secure Firewall Management Center instances that have been migrated to Cloud-Delivered Firewall Management Center, network objects and groups are replicated to the Security Cloud Control objects page if they are used in policies that were deployed to FTD devices.
-
Sharing Network Objects between Security Cloud Control and Cloud-Delivered Firewall Management Center is automatically enabled on new tenants but must be requested for existing tenants. If your network objects are not being shared with Cloud-Delivered Firewall Management Center, contact TAC to have the features enabled on your tenant.
-
Sharing network objects between Security Cloud Control and On-Premises Firewall Management Center is not automatically enabled on Security Cloud Control for new on-premises Firewall Management Centers onboarded to Security Cloud Control. If your network objects are not being shared with On-Premises Firewall Management Center, ensure the Discover & Manage Network Objects toggle button is enabled for the on-premises Firewall Management Center in Settings or contact TAC to have the features enabled on your tenant.
Viewing network objects
Network objects that you create in Security Cloud Control Firewall Management, and network objects that Security Cloud Control Firewall Management recognizes in onboarded device configurations, appear on the Objects page. They are labeled with their object type. This allows you to filter by object type to quickly find the object you are looking for.
When you select a network object, the Details pane shows the object values. The Relationships pane shows whether the object is used in a policy and which device stores the object.
When you select a network group, Security Cloud Control Firewall Management shows the contents of the group as the combined values from the network objects in that group.
Objects Associated with Meraki Devices
About Objects Used with Meraki Devices
The Meraki dashboard utilizes groups of IP addresses, protocols, or port ranges in source and destination fields in outbound access control rules. Once onboarded, Security Cloud Control translates IP address into network objects, and application layer protocol values into either service objects or protocol objects.
A single rule in Security Cloud Control can translate into multiple rules in the dashboard. For example, if you add an ASA protocol group that includes both TCP and UDP protocols to a single access control rule in Security Cloud Control, Security Cloud Control translates the one Security Cloud Control rule into multiple rules in the dashboard: one rule containing a TCP protocol and one rule containing a UDP protocol.
Note that the Meraki dashboard and Security Cloud Control both support CIDR subnet notation. For more information on layer 3 switch interfaces and MX device layout, see the Meraki Knowledge Base.
Which Objects Can You Use With a Meraki Device in Security Cloud Control?
There are no objects in Security Cloud Control that are exclusive to MX devices. Instead, you can create or share FTD, FDM, and ASA objects and associate these objects in rules that are deployed to the device. Because Meraki is not fully compatible with FTD and ASA objects, there may be a few limitations that affect how the MX device uses objects.
Note that if you associate an FTD, FDM, and ASA objects with an MX device, that object becomes shared. Any changes to that object will affect all the devices it is shared with and the devices' configuration status will appear as Not Synced. See Shared Objects for more information. For additional object states that could affect your objects, see the Related Articles section listed at the bottom of this page.
Meraki does not support objects containing IPv6 addresses or FQDNs.
|
Object in Security Cloud Control |
Compatible with Meraki |
|---|---|
|
Protocol Objects |
TCP, UDP, ICMP |
|
Network Objects |
yes |
|
Network Groups |
yes |
|
Service Objects |
yes |
|
ASA Service Groups |
no |
|
FTD Service Groups |
no |
Local Network Objects and Object Groups From the Meraki Cloud
Network objects and object groups provide easier management of firewall rules for Meraki devices. They serve as labels to IP Subnets and FQDN that can be used on access policies such as firewall rules. If there are needs to modify multiple access policies that use the same IP Subnets or FQDN, you only need to modify the network object to have it reflect on all policies. At this time, you must use the Meraki dashboard to create and modify these objects. For more information about what these objects can do for your environment, see Meraki's Network Objects Highlights.
![]() Note |
Once a device configuration referencing a Meraki network object or network object group is onboarded or synchronized to the Security Cloud Control UI, these objects are displayed as FTD Network objects. These objects and object groups are read-only in Security Cloud Control. |
What Do Meraki Rules Look Like in Security Cloud Control
You can view the objects from the device's policy page, or you can filter the objects page based on device. From the policy page you can view, edit, and reorder the access control rules. Because Security Cloud Control translates the outbound rules from the Meraki dashboard into access control rules with objects, rules and protocols from the Meraki dashboard may look different. The following table addresses the new names for protocols once the device is onboarded to Security Cloud Control:
|
Rule or Protocol Header in the Meraki dashboard |
Rule or Object Header in Security Cloud Control |
|---|---|
|
Policy |
Action |
|
Source IP |
Network Object or Network Group |
|
Destination IP |
Network Object or Network Group |
|
Source Port |
Network Object or Network Group |
|
Destination Port |
Network Object or Network Group |
|
Layer 3 Application Protocol |
Ports (Protocol Groups, Port Groups, or Service Objects) |
The following is an example of what the outbound rules from the Meraki dashboard look in Security Cloud Control:
Create a Local Meraki Network Object
A local Meraki network object must be made in the Merkai dashboard. If you have a Meraki device that has not been onboarded to Security Cloud Control yet, any pre-existing local objects are onboarded with the device; if you have a Meraki device that has been onboarded, sychronize the device in Security Cloud Control to read the new configuration and local objects.
![]() Note |
Once a device configuration referencing a Meraki network object or network object group is onboarded or synchronized with the Security Cloud Control UI, these objects are displayed as FTD Network objects or object groups. These objects and object groups are read-only in Security Cloud Control. |
Before you begin
Procedure
|
Step 1 |
Log into the Meraki dashboard and create a local object or a local object group. See the Meraki Network Objects Configuration Guide for more information. |
|
Step 2 |
Log into Security Cloud Control. Note: If you have not yet onboarded your Meraki device to Security Cloud Control, see Onboard an MX Device to Security Cloud Control for more information. Onboarding a device also onboards all the pre-existing objects. |
|
Step 3 |
In the left pane, click . |
|
Step 4 |
Locate the Merkai device and select it so the device row is highlighted. The device status is Conflict detected. In the pane located to the right, select either Review Conflict to review the changes made to the device's configuration or Accept without Review to accept all configuration changes. |
Create or Edit a Meraki Network Object or Network Group
MX devices use the same format as Firepower and ASA network objects and can contain a host name, an IP address or a subnet address expressed in CIDR notation. Network groups are a collection of network objects and other individual addresses or subnets you add to the group. Network objects and network groups are used in access rules. You can create, read, update, and delete network objects and network groups using Security Cloud Control.
IP addresses that can be added to network objects
|
Device type |
IPv4 / IPv6 |
Single Address |
Range of addresses |
Fully Qualified Domain Name |
Subnet using CIDR Notation |
|---|---|---|---|---|---|
|
MX |
IPv4 |
Yes |
Yes |
No |
Yes |
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: When you create an FTD, FDM, or ASA network object or group on the Objects page, a copy of the object is automatically added to the Cloud-Delivered Firewall Management Center and vice-versa. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the objects to the on-premises Firewall Management Center on which you want these objects. |
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: Changes you make to the ASA, FDM, and FTD network objects and groups are reflected in the corresponding Cloud-Delivered Firewall Management Center network object or group. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the changes to the on-premises Firewall Management Center on which you have these objects. Deleting a network object or group from either page deletes the object or group from both pages. |
Create a Meraki Network Object
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: When you create an FTD, FDM, or ASA network object or group on the Objects page, a copy of the object is automatically added to the Cloud-Delivered Firewall Management Center and vice-versa. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the objects to the on-premises Firewall Management Center on which you want these objects. |
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Click |
|
Step 3 |
Enter an object name. |
|
Step 4 |
Select Create a network object. |
|
Step 5 |
In the Value section, enter a single IP address or a subnet address expressed in CIDR notation. |
|
Step 6 |
Click Add. |
|
Step 7 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Create a Meraki Network Group
A network group is made up of multiple network objects or IP addresses.
If you want your network group to be made up of network objects, use the "Create a Network Object" procedure above to create individual network objects for your IP addresses.
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: When you create an FTD, FDM, or ASA network object or group on the Objects page, a copy of the object is automatically added to the Cloud-Delivered Firewall Management Center and vice-versa. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the objects to the on-premises Firewall Management Center on which you want these objects. |
Procedure
|
Step 1 |
In the Security Cloud Control navigation bar on the left, click Objects. |
|
Step 2 |
Click |
|
Step 3 |
Enter an object name. |
|
Step 4 |
Select Create a network group. |
|
Step 5 |
Click Add Object, select the network object from the list and click Select. Continue to do this until you have added all the network objects you want. |
|
Step 6 |
Click Add. |
|
Step 7 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Edit a Firepower Network Object or Network Group
![]() Note |
If Cloud-Delivered Firewall Management Center is deployed on your tenant: Changes you make to the ASA, FDM, and FTD network objects and groups are reflected in the corresponding Cloud-Delivered Firewall Management Center network object or group. In addition, an entry is created in the Devices with Pending Changes page for each on-premises Firewall Management Center with Discover & Manage Network Objects enabled, from which you can choose and deploy the changes to the on-premises Firewall Management Center on which you have these objects. Deleting a network object or group from either page deletes the object or group from both pages. |
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Locate the object you want to edit by using object filters and search field. |
|
Step 3 |
Select the object you want to edit. |
|
Step 4 |
Click the edit button |
|
Step 5 |
Edit the values in the dialog box in the same fashion that you created them in the procedures above. |
|
Step 6 |
Click Save. |
|
Step 7 |
Security Cloud Control displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it. |
|
Step 8 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Deleting Network Objects and Groups in Security Cloud Control
If Cloud-Delivered Firewall Management Center is deployed on your tenant:
Deleting a network object or group from the Objects page deletes the replicated network object or group from the Objects page on the Cloud-Delivered Firewall Management Center and vice-versa.
Service Objects
Protocol Objects
Protocol objects are a type of service object that contain less-commonly used or legacy protocols. Protocol objects are identified by a name and protocol number. Security Cloud Control recognizes these objects in ASA and Firepower (FDM-managed device) configurations and gives them their own filter of "Protocols" so you can find them easily.
ICMP Objects
An Internet Control Message Protocol (ICMP) object is a service object specifically for ICMP and IPv6-ICMP messages. Security Cloud Control recognizes these objects in ASA and Firepower configurations when those devices are onboarded and Security Cloud Control gives them their own filter of "ICMP" so you can find the objects easily.
Using Security Cloud Control, you can rename or remove ICMP objects from an ASA configuration. You can use Security Cloud Control to create, update, and delete ICMP and ICMPv6 objects in a Firepower configuration.
![]() Note |
For the ICMPv6 protocol, AWS does not support choosing specific arguments. Only rules that allow all ICMPv6 messages are supported. |
Create or Edit a Meraki Service Object
About Service Objects
Service objects are reusable components that specify a TCP/IP protocol and a port. Security Cloud Control categorizes these objects as service objects. When you deploy to the MX device, Security Cloud Control translates the objects into protocols or port ranges. See Objects Associated with Meraki Devices for more information about how Security Cloud Control handles Meraki protocols as objects.
Create a Service Object
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Click |
|
Step 3 |
Enter an object name and description. |
|
Step 4 |
Select Create a service object. |
|
Step 5 |
Click the Service Type button and select the protocol for which you want to create an object. |
|
Step 6 |
Enter the information to identify the protocol by taking one of these actions:
|
|
Step 7 |
Click Add. |
|
Step 8 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Create a Service Group
Procedure
|
Step 1 |
In the left pane, click Objects. |
||
|
Step 2 |
Click
|
||
|
Step 3 |
Enter an object name and description. |
||
|
Step 4 |
Select Create a service group. |
||
|
Step 5 |
Add an existing object by clicking Add Object, selecting an object, and clicking Select. Repeat this step to add more objects. |
||
|
Step 6 |
Click Add when you are done adding service objects and service values to the service group. |
||
|
Step 7 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
Edit a Service Object or a Service Group
Procedure
|
Step 1 |
In the left pane, click Objects. |
|
Step 2 |
Filter the objects to find the object you want to edit and then select the object in the object table. |
|
Step 3 |
In the details pane, click edit |
|
Step 4 |
Edit the values in the dialog box in the same fashion that you created them in the procedures above. |
|
Step 5 |
Click Save. |
|
Step 6 |
Security Cloud Control displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it. The object is now ready to be used in the Meraki policy. |
|
Step 7 |
Review and deploy now the changes you made, or wait and deploy multiple changes at once. |
.

.
, then click
in the details pane.
in the
. Each device affected by these changes displays a status of "Not Synced" in the
on the details pane. Review any warnings and click
in the navigation bar to view the results of the bulk deploy.

Feedback