Cisco Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 13      Using Access Control Policies 
  Configuring Policies
The diagram below illustrates the Intrusion Prevention and Network Discovery Only default actions. Notice that although file inspection is supported in access control rules, you cannot perform file inspection on traffic handled by the default action.
The following procedure explains how to set the default action for an access control policy while editing the policy. See  for the complete procedure for editing an access control policy.
To set the default action of an access control policy:
Access: Admin/Access Admin/Network Admin
Step 1
Select Policies > Access Control.
The Access Control page appears.
Step 2
Click the edit icon ( ) next to the access control policy you want to configure.
The policy Edit page appears.
Step 3
Select a Default Action.
  • To block all traffic, select Access Control: Block All Traffic.
  • To trust all traffic, select Access Control: Trust All Traffic.
  • To allow all traffic and inspect it with network discovery, select Network Discovery Only.
  • To inspect all traffic with both network discovery and intrusion policies, select an intrusion policy, all of which begin with the label Intrusion Prevention. Keep in mind that an intrusion policy can block traffic.
    By default, intrusion policies use the default variable set. For information on changing the variable set used by the intrusion policy you select, see Default Action Variable Set in
Caution
Do not use Experimental Policy 1 unless instructed to do so by a Cisco representative. Cisco uses this policy for testing.
Step 4
Configure logging options for the default action as described in the next section,