Cisco Firepower Management Center 4000
FireSIGHT System User Guide, page 13-3
Chapter 13: Using Access Control Policies
Configuring Policies
See the following sections for more information on creating and managing access control policies:
Configuring Policies
License: Any
To configure an access control policy, you must give the policy a unique name, specify a default action, and identify the devices, or targets, where you want to apply the policy.
You can also:
• blacklist (deny without further inspection) traffic based on Security Intelligence data before that traffic can be inspected by any access control rules; optionally, you can monitor traffic based on that same data
• add, edit, delete, enable, and disable access control rules
• configure an HTML page (called the HTTP response page) that users see when an access control rule blocks their HTTP request
• configure advanced settings, such as the number of URL characters to store in connection events, the depth or duration of file and malware inspection, and the duration of bypasses for interactively blocked sessions
• log traffic that is handled by the default action
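The list above implies an evaluation order: Security Intelligence blacklisting happens before any access control rule sees the traffic, monitor-only Security Intelligence entries log and let inspection continue, rules are evaluated after that, and the default action (with optional logging) handles whatever no rule matched. The following Python model is an added illustration of that order, not FireSIGHT code; the class fields, the CIDR-based matching, the port criterion, and the sample addresses are all constructed assumptions chosen only to make the ordering visible.

```python
"""Toy model of the access control evaluation order described in the guide.

Constructed illustration only: field names, match criteria and sample
addresses are assumptions, not the product's data model.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import ipaddress


@dataclass
class Rule:
    name: str
    action: str                    # "allow" or "block" (assumed vocabulary)
    src: Optional[str] = None      # hypothetical: CIDR the source must fall in
    dst_port: Optional[int] = None # hypothetical: destination port to match
    log: bool = True               # log connections handled by this rule


@dataclass
class AccessControlPolicy:
    name: str                      # unique policy name
    default_action: str            # action for traffic no rule matched
    targets: List[str]             # devices the policy is applied to
    si_blacklist: List[str] = field(default_factory=list)  # denied before rules
    si_monitor: List[str] = field(default_factory=list)    # logged, then inspected
    rules: List[Rule] = field(default_factory=list)
    log_default_action: bool = False


def _in_any(ip: str, nets: List[str]) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def evaluate(policy: AccessControlPolicy, src_ip: str, dst_port: int) -> Tuple[str, str, list]:
    """Return (verdict, reason, events) for one connection.

    events is the list of log records this connection would generate.
    """
    events = []

    # 1. Security Intelligence blacklist: deny without further inspection,
    #    before any access control rule is consulted.
    if _in_any(src_ip, policy.si_blacklist):
        events.append(("security_intelligence", "blacklist", src_ip))
        return "block", "security-intelligence blacklist", events

    # Monitor-only Security Intelligence data: log the hit and keep going.
    if _in_any(src_ip, policy.si_monitor):
        events.append(("security_intelligence", "monitor", src_ip))

    # 2. Access control rules, in order; the first matching rule decides.
    for rule in policy.rules:
        if rule.src is not None and not _in_any(src_ip, [rule.src]):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if rule.log:
            events.append(("rule", rule.name, src_ip))
        return rule.action, f"rule {rule.name}", events

    # 3. Default action, logged only if the policy asks for it.
    if policy.log_default_action:
        events.append(("default", policy.default_action, src_ip))
    return policy.default_action, "default action", events


# Constructed sample policy using documentation address ranges.
EXAMPLE_POLICY = AccessControlPolicy(
    name="Example",
    default_action="block",
    targets=["sensor-1"],
    si_blacklist=["203.0.113.0/24"],
    si_monitor=["198.51.100.0/24"],
    rules=[Rule(name="allow-web", action="allow", dst_port=443)],
    log_default_action=True,
)

if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 443), ("198.51.100.9", 443), ("192.0.2.5", 22)]:
        print(ip, port, evaluate(EXAMPLE_POLICY, ip, port))
```

Run against the constructed policy, a source on the blacklist is blocked with no rule ever evaluated, a source on the monitor list produces a Security Intelligence event and is then allowed by the web rule, and an unmatched connection falls to the default action and is logged because `log_default_action` is set.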
After you create or modify an access control policy, you can apply the policy to all or some targeted devices. You can also create custom user roles that allow you to assign different permissions to different users for configuring, organizing, and applying policies.
The following table summarizes the configuration actions you can take on the policy Edit page.
Table 13-1 License and Appliance Requirements for Access Control (continued)

To apply a policy that... | Add this license... | To one of these Defense Centers... | And enable it on one of these devices...
performs user or application control | Control | Any, except the DC500 (cannot perform user control) | Series 3, Virtual, X-Series, ASA FirePOWER
performs access control based on geolocation data (source or destination country or continent) | FireSIGHT | Any except DC500 | Series 3, Virtual, ASA FirePOWER
performs URL filtering using category and reputation data | URL Filtering | Any except DC500 | Series 3, Virtual, X-Series, ASA FirePOWER