Cisco Firepower Management Center 4000
13-6
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Configuring Policies
The diagram below illustrates the Intrusion Prevention and Network Discovery Only default actions. Notice that although file inspection is supported in access control rules, you cannot perform file inspection on traffic handled by the default action.
The following procedure explains how to set the default action for an access control policy while editing the policy. See for the complete procedure for editing an access control policy.
To set the default action of an access control policy:
Access: Admin/Access Admin/Network Admin
Step 1 Select Policies > Access Control.
The Access Control page appears.
Step 2 Click the edit icon next to the access control policy you want to configure.
The policy Edit page appears.
Step 3 Select a Default Action.
• To block all traffic, select Access Control: Block All Traffic.
• To trust all traffic, select Access Control: Trust All Traffic.
• To allow all traffic and inspect it with network discovery, select Network Discovery Only.
• To inspect all traffic with both network discovery and intrusion policies, select an intrusion policy, all of which begin with the label Intrusion Prevention. Keep in mind that an intrusion policy can block traffic.
By default, intrusion policies use the default variable set. For information on changing the variable set used by the intrusion policy you select, see
Default Action Variable Set
Caution: Do not use Experimental Policy 1 unless instructed to do so by a Cisco representative. Cisco uses this policy for testing.
Step 4 Configure logging options for the default action as described in the next section,