Cisco Cisco FirePOWER Appliance 8360
23-9
FireSIGHT System User Guide
Chapter 23 Using Layers in an Intrusion Policy
Configuring User Layers
Step 2
Click the edit icon (
) next to the policy you want to view or edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Expand
Policy Layers
in the navigation panel and click the name of the layer you want to view or edit.
The Layer summary page for the layer appears.
Step 4
Optionally, you can take any of the actions in the
Step 5
Save your policy, continue editing, discard your changes, or exit while leaving your changes in the
system cache. See the
system cache. See the
table for more information.
Configuring User Layers
License:
Protection
The Policy Layers page provides a single-page summary of all of the layers in your intrusion policy. For
each layer, you can view whether an advanced setting is enabled or disabled in the layer or in a layer
above or below it in the stack. You can also view the number of rules whose states are set in the layer,
and the number of rules set to each rule state. You can also see a summary of the net effect of all enabled
rules and advanced settings throughout the layers in the policy.
each layer, you can view whether an advanced setting is enabled or disabled in the layer or in a layer
above or below it in the stack. You can also view the number of rules whose states are set in the layer,
and the number of rules set to each rule state. You can also see a summary of the net effect of all enabled
rules and advanced settings throughout the layers in the policy.
On this page you can also add shared and unshared layers, access rules and advanced settings to edit
them within a layer, and copy, merge, move, and delete layers.
them within a layer, and copy, merge, move, and delete layers.
The following table explains how to view and interpret the policy layer summary and describes the layer
configuration actions available on the Policy Layers summary page.
configuration actions available on the Policy Layers summary page.
Table 23-3
Policy Layer Configuration Actions
To...
You can...
add a shared layer from
another policy
another policy
click
Add Shared Layer
, then select the layer you want to add from the drop-down list in the Add
Shared Layer pop-up window and click
OK
, or click
Cancel
if you decide not to add a shared
layer.
The Policy Layers summary page appears. If you selected a shared layer, the screen refreshes
and the shared layer you selected appears as the highest layer in your policy.
and the shared layer you selected appears as the highest layer in your policy.
If there are no shared layers in any other policies, no drop-down list appears; click
OK
or
Cancel
on the pop-up window to return to the Policy Layers summary page.
add a layer to your policy
click
Add Layer
. Type a unique
Name
for the layer in the Add Layer pop-up window and click
OK
,
or click
Cancel
if you decide not to add a layer. You can add up to 200 layers to an intrusion
policy.
The Policy Layers summary page appears. If you added a layer, the screen refreshes and the
layer you added appears as the highest layer in your policy. Note that, in the new layer, the state
of all advanced settings and rules is initially set to Inherit, and no event filtering, dynamic state,
or alerting rule actions are set.
layer you added appears as the highest layer in your policy. Note that, in the new layer, the state
of all advanced settings and rules is initially set to Inherit, and no event filtering, dynamic state,
or alerting rule actions are set.