Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 13      Using Access Control Policies
  Organizing Rules in a Policy
Working with Rule Categories
License: Any
The following three predefined access control rule categories on the policy Edit page can help you 
organize your rules:
  • Administrator Rules
  • Standard Rules
  • Root Rules
You cannot move, delete, or rename predefined categories. By default, any predefined user role that 
allows you to modify access control policies also allows you to move rules into and from, and modify 
rules in, any of these categories. You can create custom user roles that restrict users from moving and 
modifying rules in these predefined categories. See 
 for more information.
You can add new custom categories between the predefined standard and root categories. Adding custom 
categories allows you to further organize your rules without having to create additional policies. You can 
rename and delete categories that you add. You cannot move these categories, but you can move rules 
into, within, and out of them. Any user who is allowed to modify access control policies can also add 
rules to these categories and modify rules in them without restriction.
The following procedure explains how to add a new category to an access control policy. See 
 for the complete procedure for editing an access control policy.
To add a new category:
Access: Admin/Access Admin/Network Admin
Step 1  Select Policies > Access Control.
The Access Control page appears.
Table 13-7  Access Control Rule Organization Actions (continued)

To... | You can...
enable an inactive rule | right-click the rule and select State > Enable
disable an active rule | right-click the rule and select State > Disable
move selected rules | drag and drop selected rules beneath a new location indicated by a horizontal blue line that appears above your pointer as you drag.
delete a rule | click the delete icon ( ) next to the rule, then click OK. Tip: You can also right-click a blank area in the row for a selected rule, select Delete, then click OK to delete one or more selected rules.
read warnings or errors | hover over the warning icon ( ) or error icon ( ) to read the warning or error text; for more information.
determine if an intrusion policy or file policy is selected for a rule | view the intrusion policy icon ( ) or the file policy icon ( ). If the icon for a policy is active (yellow) a policy is selected; if it is inactive (white), no policy of that type is selected for the rule.
view the intrusion policy or file policy selected for a rule | click the intrusion policy icon ( ) or the file policy icon ( ).