You can identify the managed devices you want to target with your policy while creating or editing a policy. You can search
a list of available devices, 7000 or 8000 Series stacks, and high-availability pairs, and add them to a list of selected devices.
You cannot target stacked devices running different versions of the Firepower System (for example, if an upgrade on one of
the devices fails).
In a multidomain deployment, the system displays policies created in the current domain, which you can edit. It also displays
policies created in ancestor domains, which you cannot edit. To view and edit policies created in a lower domain, switch to
that domain.
Administrators in
ancestor domains can target NAT policies to devices in descendant domains,
which descendant domains can use or replace with customized local policies. If
a NAT policy targets devices in different descendant domains, administrators in
the descendant domains can view information about target devices belonging to
their domain only.