Cisco Assistant Rule Examples

The Cisco Assistant for Secure Access can create internet and private access rules in your policy from natural language prompts. The assistant requires that you compose the prompts with your organization's rule components and actions. For more information, see About the Cisco Assistant Prompt Bar.

We recommend that you review the prompt samples before you begin to interact with the assistant and generate access rules.

Core Prompt Components

  • Action—One of the rule actions to apply on the rule components. The actions available to a rule depend on the type of the rule.
  • Source—The source components configured in your instance of Secure Access. Various source types are available on each policy rule type.
  • Destination—The resource components configured in your instance of Secure Access.

For more information, see Components for Private Access Rules and Components for Internet Access Rules.

Key Words for Prompts

  • Allow—Action used in a prompt to generate both internet and private access rules.
  • Grant—Allow the source and destination on the rule.
  • Give—Allow the source and destination on the rule.
  • Block, Prevent—Action used in a prompt to generate both internet and private access rules.
  • Warn—Action used in a prompt to generate only internet access rules.
  • Isolate—Action used in a prompt to generate only internet access rules.
  • Access to—Use the phrase to complete the connection between the source and destination.
  • From—Use the preposition to indicate the connection between the source and destination.
  • And—Operator used in a prompt to generate multiple rules with various components and rule actions. For example: Allow Thomas and Block John access to Jira.
  • Not, But Not—Operator used in a prompt to exclude certain components (source or destination) on multiple rules with various components and rule actions. For example: Allow Suzy not John and Block John access to Jira.
  • Any User—Apply the rule to any one of the users in the organization.
  • All Users—Apply the rule to all of the users in the organization.
  • No User—Apply the rule to none of the users in the organization.
  • Any Protocol—Permit the rule to apply to a destination that has any protocol.
    Note: You must include a port value with the Any Protocol option in the prompt.
  • Any Private Resource—Permit the rule to apply to any private resource.
  • Create a Rule—Prefix included before the core components of the prompt.
  • Call Rule, Call this Rule—Use the phrase in a prompt to name the generated rule.

Private Access Rule Examples

Prompts for private access policy rules must include an Action to apply to the components on the rule, and Source and Destination components. The assistant requires these core components to create an appropriate access rule.

Allow Action Rule

Allow <source> access to <destination>

Block Action Rule

Block <source> from <destination>

Include an AND Operator with Allow or Block Action Rule

Block <source> from <destination_one> and Allow <source> access to <destination_two>

Include a NOT Operator with Allow or Block Action Rule

Block <source> not <source> from <destination_one> and Allow <source> access to <destination_two>

Internet Access Rule Examples

Prompts for internet access policy rules must include an Action to apply to the components on the rule, and Source and Destination components. The assistant requires these core components to create an appropriate access rule.

Allow Action Rule

Allow <source> access to <destination>

Block Action Rule

Block <source> from <destination>
Block <source> access to <destination>
Block <source> from <destination> where the rule is 'rule-one'

Warn Action Rule

Warn <source> from <destination>

Isolate Action Rule

Isolate <source> from <destination>

Include an AND Operator with Allow or Block Action Rule

Allow a source and destination set, and block a different source and destination set.

Prevent <source_one> from <destination_one> and Allow <source_two> access to <destination_one>

Include a NOT Operator with Allow or Block Action Rule

Block <source> not <source> from <destination> and Allow <source> access to <destination>

Additional Samples

allow 10.1.1.1/16 access to 192.1.2.3/32
allow 10.1.1.1 access to 192.1.2.3/32 port 8080 , any protocol
allow 10.1.1.2 access to 192.1.2.3 on port 80 and tcp protocol
grant access to <destination> for <source>
create internet rule allow any access to any
[email protected] cannot access shopping
give dev access to workday and ads
give [email protected] access to testenv and cisco-test.com
create private access rule to allow everyone access to jira on port 80, tcp protocol
create private access rule to allow everyone access to jira on port 80, protocol icmp
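
A pre-submission check for prompts, added here as an example; it is not Cisco code and does not describe how the assistant parses prompts. It applies two constraints from the Key Words list (Warn and Isolate are internet-only, Any Protocol needs a port value) plus one added check that the page does not state: a CIDR source or destination with host bits set, which is worth confirming before a rule is generated from it. The function name `lint_prompt` and the sample prompts are assumptions for illustration.

```python
import ipaddress
import re

INTERNET_ONLY = {"warn", "isolate"}  # actions the Key Words list limits to internet rules
CIDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")

def lint_prompt(prompt: str) -> list:
    """Return review findings for one prompt; an empty list means none."""
    text = prompt.lower()
    words = set(re.findall(r"[a-z]+", text))
    findings = []

    # Warn and Isolate generate only internet access rules.
    used = INTERNET_ONLY & words
    if used and "private" in words:
        findings.append(f"{'/'.join(sorted(used))} is internet-only, "
                        "but the prompt asks for a private access rule")

    # The Any Protocol option must come with a port value.
    if re.search(r"\bany\s+protocol\b", text) and not re.search(r"\bport\s+\d+", text):
        findings.append("'any protocol' is used without a port value")

    # Added check (assumption, not from the page): a CIDR with host bits set
    # reads like one host but its prefix covers the whole enclosing network.
    for addr, prefix in CIDR.findall(text):
        try:
            iface = ipaddress.ip_interface(f"{addr}/{prefix}")
        except ValueError:
            findings.append(f"{addr}/{prefix} is not a valid IPv4 CIDR")
            continue
        if iface.ip != iface.network.network_address:
            findings.append(f"{addr}/{prefix} has host bits set; the prefix covers "
                            f"{iface.network} ({iface.network.num_addresses} addresses)")
    return findings

# Constructed sample prompts, modelled on the samples above.
SAMPLES = [
    "allow 10.1.1.1/16 access to 192.1.2.3/32",
    "allow 10.1.1.1 access to 192.1.2.3/32 port 8080 , any protocol",
    "allow 10.1.1.2 access to jira any protocol",
    "create private access rule to warn everyone from jira",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", lint_prompt(p) or "no findings")
```
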
