About the Cisco Secure Dynamic Attributes Connector
The dynamic attributes connector enables you to use service tags and categories from various cloud service platforms in Secure Firewall Management Center access control rules.
Supported connectors
We currently support:
CSDAC version/platform |
AWS |
AWS Security Groups |
AWS Service Tags |
Azure |
Azure Service Tags |
Cisco Cyber Vision |
Cisco Multicloud Defense |
Generic text |
GitHub |
Google Cloud |
Microsoft Office 365 |
vCenter |
Webex |
Zoom |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Version 1.1 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
Version 2.0 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
No |
No |
Version 2.2 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
No |
Version 2.3 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Version 3.0 (on-premises) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Cloud-delivered (Cisco Defense Orchestrator) |
Yes |
No |
No |
Yes |
Yes |
No |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
Secure Firewall Management Center 7.4.1 |
Yes |
No |
No |
Yes |
Yes |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
More information about connectors:
-
Amazon Web Services (AWS)
For more information, see a resource like Tagging AWS resources on the Amazon documentation site.
See Amazon Web Services Connector—About User Permissions and Imported Data.
-
Microsoft Azure
For more information, see this page on the Azure documentation site.
See Azure Connector—About User Permissions and Imported Data.
-
Microsoft Azure service tags
For more information, see a resource like Virtual network service tags on Microsoft TechNet.
-
Generic text list of IP addresses you specify.
For more information, see Create a Generic Text Connector.
-
GitHub
For more information, see Create a GitHub Connector.
-
Google Cloud
For more information, see Setting Up Your Environment in the Google Cloud documentation.
See Google Cloud Connector—About User Permissions and Imported Data.
-
Office 365 IP addresses
For more information, see Office 365 URLs and IP address ranges on docs.microsoft.com.
-
VMware categories and tags managed by vCenter and NSX-T
For more information, see a resource like vSphere Tags and Attributes in the VMware documentation site.
-
Webex IP addresses
For more information, see Create a Webex Connector.
-
Zoom IP addresses
For more information, see Create a Zoom Connector.
How It Works
Network constructs such as IP address are not reliable in virtual, cloud and container environments due to the dynamic nature of the workloads and the inevitability of IP address overlap. Customers require policy rules to be defined based on non-network constructs such as VM name or security group, so that firewall policy is persistent even when the IP address or VLAN changes.
The following figure shows how the system functions at a high level.
-
The system supports certain public cloud providers.
This topic discusses supported connectors (which are the connections to those providers).
Related topics
History for the Cisco Secure Dynamic Attributes Connector
Feature |
Minimum Management Center |
Minimum Threat Defense |
Details |
---|---|---|---|
Cisco Secure Dynamic Attributes Connector |
7.4.0 |
7.4.0 |
This feature is introduced. The Cisco Secure Dynamic Attributes Connector is now included in the Secure Firewall Management Center. You can use the dynamic attributes connector to get IP addresses from cloud-based platforms such as Microsoft Azure in access control rules without having to deploy to managed devices. More information:
New/modified screen: |