Cisco Firepower Management Center 4000

14-12
FireSIGHT System User Guide
Chapter 14      Understanding and Writing Access Control Rules 
  Understanding Rule Conditions and Condition Mechanics
You can add up to 50 conditions of each type to a list of selected conditions. For example, you can add up to 50 source zone conditions, up to 50 destination zone filters, up to 50 user conditions, and so on, until you reach the upper limit for the appliance.

Note that when you apply an access control policy to a device, the Defense Center sends each rule defined in the policy to the device as a set of expanded rules, where each expanded rule expresses one possible combination of conditions in the rule. For example, a rule with the Internal security zone as a source zone and LDAP and HTTPS source ports would be sent to the device as two rules: one to match traffic with a source zone of Internal over an LDAP source port, and one to match traffic with a source zone of Internal over an HTTPS source port.

An access control policy with many complex rules may not apply to a managed device if the number of expanded rules exceeds the number allowed for that device. If this occurs, analyze the conditions in your rules to see if you can eliminate unnecessary settings.

When a list of available conditions contains more conditions than can be displayed on a single page, you can use the navigation links under the list to switch between pages.
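The expansion described above, as an added example written for this page (it is not Cisco's code): a rule is modelled as a map from condition type to its list of values, expanded into the cartesian product of those lists, and a policy's total is checked against a device limit. The per-type cap of 50 is the figure stated in this guide; the device limit of 100 is an assumed placeholder, since the real per-device figures are not given here.

```python
from itertools import product

# Stated in the guide: up to 50 conditions of each type per rule.
MAX_CONDITIONS_PER_TYPE = 50

# Assumed placeholder only; real per-device expanded-rule limits are not given on this page.
ASSUMED_DEVICE_LIMIT = 100


def validate_rule(rule):
    """Return a list of per-type cap violations (empty if the rule is within the cap)."""
    return [f"{ctype}: {len(values)} conditions exceeds the limit of {MAX_CONDITIONS_PER_TYPE}"
            for ctype, values in rule.items() if len(values) > MAX_CONDITIONS_PER_TYPE]


def expand_rule(rule):
    """Expand a rule into one rule per combination of its conditions, as the
    Defense Center does when it sends a policy to a device. A condition type
    with no values matches anything and contributes the single value 'any'."""
    violations = validate_rule(rule)
    if violations:
        raise ValueError("; ".join(violations))
    types = list(rule)
    axes = [rule[t] or ["any"] for t in types]
    return [dict(zip(types, combo)) for combo in product(*axes)]


def expanded_count(rule):
    """Number of expanded rules: the product of the non-empty condition list sizes."""
    n = 1
    for values in rule.values():
        n *= max(1, len(values))
    return n


def check_policy(policy, device_limit):
    """Total the expanded rules of a policy and report the biggest contributors,
    which is where to look first when a policy will not apply to a device."""
    counts = sorted(((name, expanded_count(r)) for name, r in policy.items()),
                    key=lambda nc: nc[1], reverse=True)
    total = sum(c for _, c in counts)
    return {"total": total, "fits": total <= device_limit, "largest": counts[:3]}


# Constructed sample: the guide's own example rule plus a deliberately broad rule.
EXAMPLE_RULE = {"source_zone": ["Internal"], "source_port": ["LDAP", "HTTPS"]}
SAMPLE_POLICY = {
    "ldap-https-from-internal": EXAMPLE_RULE,
    "broad-rule": {
        "source_zone": [f"zone{i}" for i in range(5)],
        "dest_zone": [f"zone{i}" for i in range(4)],
        "source_port": [f"port{i}" for i in range(10)],
    },
}
```

Run `check_policy(SAMPLE_POLICY, ASSUMED_DEVICE_LIMIT)` to see that the broad rule alone expands to 200 rules, so trimming one of its condition lists is the first place to look.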
The following table describes the actions you can take to select and add conditions to a rule.
Table 14-3 Adding Conditions

To: select available conditions to add to a list of selected conditions
You can: click the available condition; use the Ctrl and Shift keys to select multiple conditions.

To: select all listed available conditions
You can: right-click the row for any available condition, then click Select All.

To: search a list of available conditions or filters
You can: click inside the search field and type a search string. See  for more information.

To: clear a search when searching available conditions or filters
You can: click the reload icon above the search field or the clear icon in the search field.

To: add selected conditions from a list of available conditions to a list of selected source or destination conditions
You can: click Add to Source or Add to Destination. You can add zone, network, geolocation, and port conditions to lists of source and destination conditions. See  for more information.

To: add selected conditions from a list of available conditions to a single list of selected conditions
You can: click Add to Rule. VLAN tag, user, application, and URL conditions use single lists of selected conditions.

To: drag and drop selected available conditions into a list of selected conditions
You can: right-click a selected condition, then drag and drop it into the list of selected conditions.

To: add a literal condition to a list of selected conditions using a literal field
You can: click to remove the prompt from the literal field, type the literal condition, then click Add. Network, VLAN tag, and URL conditions provide a field for adding literal conditions.

To: add a literal condition to a list of selected conditions using a drop-down list
You can: select a condition from the drop-down list, then click Add. Port conditions provide a drop-down list for adding literal conditions. See  for more information.

To: add an individual object or condition filter so you can then select it from the list of available conditions
You can: click the add icon. See  for information on adding objects using the object manager.

To: delete a single condition from a list of selected conditions
You can: click the delete icon next to the condition