Guides
Secure Access Help Center

Combine Destinations with Boolean Logic

The Cisco Secure Access policy is the collection of an organization's internet and private access rules. On each rule in the Access policy, you can select sources and destinations. When you select Network and Service Objects and Groups for destinations in an access rule, Secure Access provides the option to combine the destinations with the logical AND operator.

How Destinations are Combined on Access Rules

  • Generally, Secure Access supports the use of the logical OR operator to combine the selected destination components together on the To side of the internet or private access rule. All types of destinations, and all destinations within a type, are combined together using the boolean OR operator. Traffic to each destination that you specify in a rule matches the rule.
  • For Network and Service Objects and Groups and Service Objects and Groups selected on a destination, Secure Access supports the use of the logical AND operator to combine the selected objects and groups.
    Note: You must select at least one Network Object or Network Object Group and one Service Object or Service Object Group before Secure Access enables the AND option.

Logical AND Operator with Network and Service Objects

If you enable the AND option for the destinations in the access rule, then depending on the destination components that you selected, Secure Access combines the destinations together using certain logical operators. To use the AND operator, you must select at a minimum a Network Object and a Service Object.

Supported Combinations of Destinations with Logical AND Operator

Secure Access supports specific combinations of Network and Service Objects with the logical AND operator for destinations on access rules.

  • Network Objects AND with Service Objects.
  • Network Object Groups AND with Service Objects.
  • Network Object Groups AND with Service Object Groups.
  • Service Object Groups AND with Network Objects.
  • Network Objects OR with Network Object Groups, then AND with
    • Service Objects OR with Service Object Groups.
  • Network Objects OR with Network Object Groups, then AND with Service Objects.
  • Network Objects OR with Network Object Groups, then AND with Service Object Groups.
  • Service Objects OR with Service Object Groups, then AND with Network Objects.
  • Service Objects OR with Service Object Groups, then AND with Network Object Groups.

Access Rules with Network and Service Objects < Combine Destinations with Boolean Logic > Manage Network Objects and Groups

Updated 2 days ago