Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 6      Managing Devices 
  Editing Device Configuration
Step 6
When you select the Automatic Application Bypass option, you can type a Bypass Threshold in milliseconds (ms). The default setting is 3000 ms and the valid range is from 250 ms to 60,000 ms.
Step 7
Optionally, select the Inspect Local Router Traffic check box to inspect exception traffic when deployed as a router.
Step 8
Optionally, configure fast-path rules. For more information, see .
Step 9
Click Save.
Your changes are saved. Note that your changes do not take effect until you apply the device configuration; see  for more information.
Configuring Fast-Path Rules
License: Any
Supported Devices: 8000 Series, 3D9900
You can create fast-path rules to send traffic directly through a device with no further inspection. Fast-path rules divert traffic that does not need to be analyzed to bypass the device. Fast-path rules either send traffic to the fast-path (out of the interface) or allow it to continue into the device for further analysis. Their advantage is the speed at which they determine the correct path for the traffic. Because the fast-path rules function at the hardware level, they only determine limited information about the packet.
Adding IPv4 Fast-Path Rules
License: Any
Supported Devices: 8000 Series, 3D9900
Fast-path rules send traffic to the fast-path (out of the interface) or into the device for further analysis. You can use the following criteria to select the IPv4 traffic you want to divert to the fast-path and not inspect:
  • initiator or responder IP address or CIDR block
  • protocol
  • initiator or responder port, for TCP or UDP protocols
  • VLAN ID
  • bidirectional option
Note that the outermost ID is used for fast-path rules.
Tip
To edit an existing fast-path rule, click the edit icon next to the rule.
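Because fast-pathed traffic receives no further inspection, it is worth checking which flows a proposed rule would divert before saving it. The following is an added example, not code from the Cisco guide or the device: `FastPathRule`, `Flow` and the sample addresses are hypothetical, only the outermost VLAN tag is compared, and the bidirectional option is assumed to also match the reverse direction.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class FastPathRule:                       # hypothetical model, not a device format
    initiator: str = "0.0.0.0/0"          # IP address or CIDR block
    responder: str = "0.0.0.0/0"
    protocol: Optional[str] = None        # None = criterion not set
    initiator_port: Optional[int] = None  # only meaningful for TCP or UDP
    responder_port: Optional[int] = None
    vlan: Optional[int] = None            # compared with the outermost tag only
    bidirectional: bool = False

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    vlan_tags: Tuple[int, ...] = ()       # outermost tag first

def _matches(r, f, src, sport, dst, dport):
    """True if the flow, read as src -> dst, meets every criterion set on the rule."""
    outer_vlan = f.vlan_tags[0] if f.vlan_tags else None
    has_ports = f.protocol in ("tcp", "udp")
    return (ip_address(src) in ip_network(r.initiator, strict=False)
            and ip_address(dst) in ip_network(r.responder, strict=False)
            and r.protocol in (None, f.protocol)
            and r.vlan in (None, outer_vlan)
            and (r.initiator_port is None or (has_ports and r.initiator_port == sport))
            and (r.responder_port is None or (has_ports and r.responder_port == dport)))

def is_fast_pathed(rule, flow):
    """True if the flow would leave the device without further inspection."""
    fwd = _matches(rule, flow, flow.src, flow.sport, flow.dst, flow.dport)
    rev = _matches(rule, flow, flow.dst, flow.dport, flow.src, flow.sport)
    # Assumption: the bidirectional option also matches the reverse direction.
    return fwd or (rule.bidirectional and rev)

# Constructed sample data: a backup-traffic rule and four flows to audit against it.
RULE = FastPathRule("10.1.0.0/16", "10.9.9.5", protocol="tcp", responder_port=873, vlan=100, bidirectional=True)
FLOWS = {
    "forward": Flow("10.1.2.3", "10.9.9.5", "tcp", 40000, 873, (100, 200)),
    "reply": Flow("10.9.9.5", "10.1.2.3", "tcp", 873, 40000, (100,)),
    "inner_vlan_only": Flow("10.1.2.3", "10.9.9.5", "tcp", 40000, 873, (200, 100)),
    "other_port": Flow("10.1.2.3", "10.9.9.5", "tcp", 40000, 22, (100,)),
}
```

Calling `is_fast_pathed(RULE, flow)` for each sample flow shows that the forward and reply directions skip inspection, while the flow carrying VLAN 100 only as an inner tag and the flow to another port continue into the device.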