Cisco Cisco Firepower Management Center 4000

50-26
FireSIGHT System User Guide
 
Chapter 50 Managing System Policies
  Configuring a System Policy
Step 1
Select System > Local > System Policy.
The System Policy page appears.
Step 2
You have the following options:
  • To modify the NTP server settings in an existing system policy, click the edit icon next to the system policy.
  • To configure the NTP server settings as part of a new system policy, click Create Policy.
    Provide a name and description for the system policy as described in , and click Save.
In either case, the Access List page appears.
Step 3
Click Time Synchronization.
The Time Synchronization page appears.
Step 4
From the Serve Time via NTP drop-down list, select Enabled.
Step 5
In the Set My Clock option for the managed device, select Via NTP from Defense Center.
Step 6
Click Save Policy and Exit.
The system policy is updated. Your changes do not take effect until you apply the system policy to the Defense Center and its managed devices. See  for more information.
Note
It may take a few minutes for the Defense Center to synchronize with its managed devices.
Configuring User Interface Settings
License: Any
Unattended login sessions of the FireSIGHT System web interface or command line interface may be
security risks. You can configure the amount of idle time, in minutes, before a user’s login session times
out due to inactivity. You can also set a similar timeout for shell (command line) sessions.
Your deployment may have users who plan to passively, securely monitor the web interface for long 
periods of time. You can exempt users from the web interface session timeout with a user configuration 
option. (Users with the Administrator role, whose complete access to menu options poses an extra risk 
if compromised, cannot be made exempt from session timeouts.) For more information, see .
For cases in which you must restrict shell access to the system, a third option allows you to permanently
disable the expert command in the command line. Disabling expert mode on an appliance prevents any
user, even users with Configuration shell access, from going into expert mode in the shell. When a user 
goes into expert mode on the command line, the user can run any Linux command appropriate to the 
shell. When not in expert mode, command line users can only run the commands provided by the 
command line interface. Note that the command line interface is not supported for Series 2 appliances.
For more information on command line interface commands, see
For information on setting up users for command line access, see  (for virtual device CLI user management).