Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

298

Managing Devices

Editing Device Configuration

Chapter 5

Configuring Fast-Path Rules

: Any

: 8000 Series, 3D9900

You can create fast-path rules to send traffic directly through a device with no 

further inspection. Fast-path rules divert traffic that does not need to be analyzed 

to bypass the device. Fast-path rules either send traffic to the fast-path (out of the 

interface) or allow it to continue into the device for further analysis. Their 

advantage is the speed at which they determine the correct path for the traffic. 

Because the fast-path rules function at the hardware level, they only determine 

limited information about the packet.
See the following sections for more information:

Adding IPv4 Fast-Path Rules

: Any

: 8000 Series, 3D9900

Fast-path rules send traffic to the fast-path (out of the interface) or into the device 

for further analysis. You can use the following criteria to select the IPv4 traffic you 

want to divert to the fast-path and not inspect:

initiator or responder IP address or CIDR block

protocol

initiator or responder port, for TCP or UDP protocols

VLAN ID

bidirectional option

Note that the outermost ID is used for fast-path rules.

To edit an existing fast-path rule, click the edit icon (

) next to the rule.

To build or edit IPv4 fast-path rules:

: Admin/Network Admin

1. Select Devices > Device Management.

The Device Management page appears.

2. Next to the device where you want to add a fast-path rule, click the edit icon 

(

).

The Interfaces tab for that device appears.