Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 6      Managing Devices
  Editing Device Configuration
To build or edit IPv4 fast-path rules:
Access: Admin/Network Admin
Step 1
Select Devices > Device Management.
The Device Management page appears.
Step 2
Next to the device where you want to add a fast-path rule, click the edit icon.
The Interfaces tab for that device appears.
Step 3
Click Device.
The Devices tab appears.
Step 4
Next to the Advanced section, click the edit icon.
The Advanced pop-up window appears.
Step 5
Click New IPv4 Rule to add a fast-path rule.
The New IPv4 Rule pop-up window appears.
Step 6
From the Domain drop-down list, select an inline set or passive security zone. See  for more information.
Step 7
Use CIDR notation in the Initiator and the Responder fields to designate the IP addresses of initiators or responders whose packets should bypass further analysis.
Your rule matches packets from the designated initiators or packets to the designated responders. For information on using CIDR notation in the FireSIGHT System, see .
Step 8
Optionally, from the Protocol drop-down list, select the protocol on which you want the rule to act or select All to match traffic from any protocol on the list.
Step 9
Optionally, if you chose the TCP or UDP protocol in step , enter initiator and responder ports in the Initiator Port and the Responder Port fields to designate ports.
Tip
You can enter a comma-separated list of port numbers in each rule. You cannot use port ranges in IPv4 fast-path rules. Note that a blank port value is treated as Any.
If you also select the Bidirectional option, your filter criteria are narrowed to packets from those initiator ports or packets to those responder ports.
Step 10
Optionally, enter a VLAN ID in the VLAN field.
Your rule matches only traffic for that VLAN. Note that a blank VLAN value is treated as Any.
Step 11
Optionally, select the Bidirectional option to filter all traffic traveling between the specified initiator and responder IP addresses. Clear the option to filter only traffic from the specified initiator IP address to the specified responder IP address.
Step 12
Click Save.
The rule is added under Fast-Path Rules in the Advanced pop-up window. Although the rule is added, you must click Save again to save the rule. Note that your changes do not take effect until you apply the device configuration; see  for more information.
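
Because a fast-path rule removes matching traffic from further analysis, it is worth checking planned values against the field constraints in steps 7 through 11 before entering them. The following is an added example, not part of the Cisco guide or any Cisco tool: the dictionary keys, the 1-4094 VLAN range, the 1-65535 port range and the review warnings are assumptions made for illustration, and the script does not contact the appliance.

```python
import ipaddress

def parse_ports(text):
    """Comma-separated port list; blank means Any (returned as None)."""
    if not text.strip():
        return None
    ports = []
    for item in (p.strip() for p in text.split(",")):
        # isdigit() rejects ranges such as "80-90", which fast-path rules do not allow
        if not item.isdigit() or not 1 <= int(item) <= 65535:
            raise ValueError(f"single port numbers 1-65535 only, got {item!r}")
        ports.append(int(item))
    return ports

def check_rule(rule):
    """Validate one planned rule (dict of field strings); return (normalized, warnings)."""
    out = {
        "initiator": ipaddress.IPv4Network(rule["initiator"], strict=False),
        "responder": ipaddress.IPv4Network(rule["responder"], strict=False),
        "protocol": rule.get("protocol", "All"),
        "initiator_ports": parse_ports(rule.get("initiator_port", "")),
        "responder_ports": parse_ports(rule.get("responder_port", "")),
        "bidirectional": bool(rule.get("bidirectional", False)),
    }
    vlan = rule.get("vlan", "").strip()
    if vlan and not (vlan.isdigit() and 1 <= int(vlan) <= 4094):  # assumed 802.1Q range
        raise ValueError(f"bad VLAN ID: {vlan!r}")
    out["vlan"] = int(vlan) if vlan else None  # blank VLAN means Any
    has_ports = bool(out["initiator_ports"] or out["responder_ports"])
    if has_ports and out["protocol"] not in ("TCP", "UDP"):
        raise ValueError("ports apply only when the protocol is TCP or UDP")
    warnings = []  # review hints (local policy assumptions, not product behaviour)
    for side in ("initiator", "responder"):
        if out[side].prefixlen == 0:
            warnings.append(f"{side} is 0.0.0.0/0, so any address on that side matches")
    if out["protocol"] == "All":
        warnings.append("protocol All: the bypass is not limited to one protocol")
    elif out["protocol"] in ("TCP", "UDP") and not has_ports:
        warnings.append("blank ports are treated as Any")
    if out["bidirectional"]:
        warnings.append("Bidirectional: traffic in both directions skips analysis")
    return out, warnings

# Constructed sample rules (addresses, ports and VLAN are made up for illustration)
SAMPLE_NARROW = {"initiator": "10.10.20.5/32", "responder": "10.10.30.0/24",
                 "protocol": "TCP", "responder_port": "873, 22", "vlan": "120"}
SAMPLE_BROAD = {"initiator": "10.0.0.0/8", "responder": "0.0.0.0/0",
                "protocol": "All", "bidirectional": True}

if __name__ == "__main__":
    for name, rule in (("narrow", SAMPLE_NARROW), ("broad", SAMPLE_BROAD)):
        print(name, check_rule(rule)[1])
```

The narrow sample passes with no warnings, while the broad sample is flagged for review on three points before it is entered as a rule.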