Cisco ASA 5506W-X with FirePOWER Services Technical Manual

Consider the configuration of an access rule from the FMC as shown in the image:
This is a single rule on the Management Center. However, after deploying it to the sensor, it is
expanded into eight rules as shown in the image:
When you deploy a rule with two subnets configured as Source, two hosts configured as
destination addresses and two custom URL objects in a single rule on the Management Center,
this rule is expanded to eight rules on the sensor. This means that for each custom URL category,
a rule is configured and created for every combination of source and destination IP/port ranges.
Expansion of an IP Based Rule using Ports
Consider the configuration of an access rule from the FMC as shown in the image:
This is a single rule on the Management Center. However, after deploying it to the sensor, it is
expanded into sixteen rules as shown in the image:
When you deploy a rule with two subnets configured as Source, two hosts configured as
destination addresses and two custom URL objects destined to two ports, this rule expands to
sixteen rules on the sensor.
Note: If there is a requirement to use the ports in the access rule, use application
detectors, which are present for standard applications. This helps rule expansion to happen
in an efficient way.
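The eight-rule and sixteen-rule counts described above follow from treating each deployed rule as one combination of source, destination, URL object and port. The following Python sketch is an added example, not Cisco code or sensor output; the addresses, object names, rule names and the audit limit are constructed for illustration, and the one-rule-per-combination model is an assumption taken from the description above.

```python
from itertools import product

# Dimensions that multiply when a Management Center rule is deployed
# (assumed model: one sensor rule per combination, as the text describes).
DIMENSIONS = ("sources", "destinations", "urls", "ports")

def expand_rule(rule):
    """Return the list of sensor rules one Management Center rule expands to.

    A dimension that is missing or empty is treated as "any" and
    contributes a single value to the product.
    """
    values = [rule.get(dim) or ["any"] for dim in DIMENSIONS]
    return [dict(zip(DIMENSIONS, combo)) for combo in product(*values)]

def audit(rules, limit):
    """Return (name, expanded_count) for every rule expanding past limit."""
    flagged = []
    for rule in rules:
        count = len(expand_rule(rule))
        if count > limit:
            flagged.append((rule["name"], count))
    return flagged

# Constructed sample rules mirroring the two cases in the text.
URL_RULE = {
    "name": "url-only",
    "sources": ["10.1.0.0/24", "10.2.0.0/24"],      # two subnets
    "destinations": ["192.0.2.10", "192.0.2.20"],   # two hosts
    "urls": ["custom-url-1", "custom-url-2"],       # two custom URL objects
}
PORT_RULE = dict(URL_RULE, name="url-and-ports", ports=["tcp/80", "tcp/443"])

if __name__ == "__main__":
    for rule in (URL_RULE, PORT_RULE):
        expanded = expand_rule(rule)
        print(f"{rule['name']}: 1 rule on the Management Center -> "
              f"{len(expanded)} rules on the sensor")
        for entry in expanded:
            print("   ", entry)
    # Hypothetical review threshold: flag rules expanding past 8 entries.
    print("over limit:", audit([URL_RULE, PORT_RULE], limit=8))
```

Running the same audit over an exported rule list before deployment shows which single rules account for most of the expanded entries on the sensor.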
Consider the configuration of an access rule from the FMC as shown in the image: