Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 5      Managing Reusable Objects
  Working with Variable Sets
Step 6
Optionally, move items from the list of available networks or ports to the list of included or excluded items.
You can select one or more items and then drag and drop, or click Include or Exclude. Use the Ctrl and Shift keys to select multiple items.
Tip
If addresses or ports in the included and excluded lists for a network or port variable overlap, excluded addresses or ports take precedence.
Step 7
Optionally, enter a single literal value, then click Add.
For network variables, you can enter a single IP address or address block. For port variables, you can add a single port or port range, separating the upper and lower values with a hyphen (-).
Repeat this step as needed to enter multiple literal values.
Step 8
Click Save to save the variable. If you are adding a new variable from a custom set, you have the following options:
  • Click Yes to add the variable using the configured value as the customized value in the default set and, consequently, the default value in other custom sets.
  • Click No to add the variable as the default value of any in the default set and, consequently, in other custom sets.
Step 9
When you have finished making changes, click Save to save the variable set, then click Yes.
Your changes are saved and any access control policy the variable set is linked to displays an out-of-date status. For your changes to take effect, you must apply the access control policy where the variable set is linked to an intrusion policy; see
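
The precedence rule from the Tip under Step 6 and the literal formats from Step 7, modelled as an added example that is not part of the Cisco guide or the product's own code. The function names are hypothetical, the sample values are constructed, and treating the literal any (the default value named in Step 8) as matching every address is an assumption.

```python
import ipaddress

def parse_port_literal(literal):
    """Step 7 format: a single port ("8080") or a hyphenated range ("8000-8100")."""
    low, _, high = literal.strip().partition("-")
    lo, hi = int(low), int(high or low)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port literal: {literal!r}")
    return lo, hi

def port_in_variable(port, included, excluded=()):
    """True if port is in an included literal and in no excluded literal."""
    def hit(literals):
        return any(lo <= port <= hi for lo, hi in map(parse_port_literal, literals))
    return hit(included) and not hit(excluded)

def _net(literal):
    # Assumption: "any" (the default value named in Step 8) matches every address.
    if literal == "any":
        return None
    return ipaddress.ip_network(literal, strict=False)

def address_in_variable(address, included, excluded=()):
    """True if address is in an included block and in no excluded block."""
    addr = ipaddress.ip_address(address)
    def hit(literals):
        return any(n is None or addr in n for n in map(_net, literals))
    return hit(included) and not hit(excluded)

def overlapping_exclusions(included, excluded):
    """List (excluded, included) pairs that overlap, i.e. where the exclusion wins."""
    pairs = []
    for ex in excluded:
        for inc in included:
            a, b = _net(ex), _net(inc)
            if a is None or b is None or a.overlaps(b):
                pairs.append((ex, inc))
    return pairs

if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    inc, exc = ["10.0.0.0/8", "172.16.0.0/12"], ["10.1.1.0/24"]
    for host in ("10.1.1.5", "10.2.0.1", "192.168.1.1"):
        print(host, address_in_variable(host, inc, exc))
    print(overlapping_exclusions(inc, exc))
    print(port_in_variable(8080, ["8000-8100"], ["8080"]))
```

Running overlapping_exclusions over a variable's lists before saving shows which hosts or ports an exclusion silently removes from inspection scope.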
Working with Network Variables
License: Protection
Network variables represent IP addresses you can use in intrusion rules that you enable in an intrusion policy and in intrusion policy rule suppressions, dynamic rule states, and adaptive profiles. Network variables differ from network objects and network object groups in that network variables are specific to intrusion policies and intrusion rules, whereas you can use network objects and groups to represent IP addresses in various places in the system’s web interface, including access control policies, network variables, intrusion rules, network discovery rules, event searches, reports, and so on. See
You can use network variables in the following configurations to specify the IP addresses of hosts on your network:
  • intrusion rules
    Intrusion rule Source IPs and Destination IPs header fields allow you to restrict packet inspection to the packets originating from or destined to specific IP addresses. See
  • suppressions
    The Network field in source or destination intrusion rule suppressions allows you to suppress intrusion event notifications when a specific IP address or range of IP addresses triggers an intrusion rule or preprocessor. See