Cisco Firepower Management Center 4000

13-16
FireSIGHT System User Guide
 
Chapter 13      Using Access Control Policies 
  Configuring Policies
By default, objects are not constrained, that is, they have a zone of Any. Note that other than using Any, you can constrain by only one zone. To enforce Security Intelligence filtering for an object on multiple zones, you must add the object to the whitelist or blacklist separately for each zone. Also, the global whitelist or blacklist cannot be constrained by zone.
Step 7
Click Add to Whitelist or Add to Blacklist.
You can also click and drag the selected objects to either list.
Tip
To remove an object, click its delete icon. Use Shift and Ctrl to select multiple objects, or right-click and Select All, then right-click and select Delete Selected. If you are deleting a global list, you must confirm your choice. Note that removing an object from a whitelist or blacklist does not delete the object from the Defense Center.
Step 8
Repeat steps  through  until you are finished adding objects to your whitelist and blacklist.
Step 9
Optionally, set blacklisted objects to monitor-only by right-clicking the object under Blacklist, then selecting Monitor-only (do not block).
In passive deployments, Cisco recommends you set all blacklisted objects to monitor-only. Note, however, that you cannot set the global blacklist to monitor-only.
Step 10
Click Save.
You must apply the access control policy for your changes to take effect. For more information, see
Searching for Objects to Whitelist or Blacklist
License: Protection
Supported Devices: Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers: Any except DC500
If you have multiple network objects, groups, feeds, and lists, use the search feature to narrow the objects you want to blacklist or whitelist.
To search for objects to whitelist or blacklist:
Access: Admin/Access Admin/Network Admin
Step 1
Type in the Search by name or value field.
The Available Objects list updates as you type to display matching items. Click the reload icon above the search field or click the clear icon in the search field to clear the search string.
You can search on network object names and on the values configured for those objects. For example, if you have an individual network object named Texas Office with the configured value 192.168.3.0/24 and the object is included in the group object US Offices, you can display both objects by typing a partial or complete search string such as Tex, or by typing a value such as 3.
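The name-or-value matching described above, as an added example that is not FireSIGHT product code: a small Python model of the Available Objects search over constructed network objects and groups. It assumes that a group is displayed whenever any of its members (including members of nested groups) matches, which is how the Texas Office / US Offices example behaves.

```python
from dataclasses import dataclass
from typing import List, Union


@dataclass
class NetworkObject:
    """An individual network object: a name plus its configured value."""
    name: str
    value: str  # e.g. "192.168.3.0/24"


@dataclass
class NetworkGroup:
    """A group object; members may be objects or other groups (assumed)."""
    name: str
    members: List[Union["NetworkObject", "NetworkGroup"]]


def matches(obj, needle: str) -> bool:
    """True if the search string is a substring of the object's name or
    configured value, or (for a group) of any member's name or value."""
    n = needle.lower()
    if n in obj.name.lower():
        return True
    if isinstance(obj, NetworkObject):
        return n in obj.value.lower()
    return any(matches(m, n) for m in obj.members)


def search_available_objects(available, needle: str) -> List[str]:
    """Names shown in the Available Objects list for a search string;
    an empty search string leaves the list unfiltered."""
    if not needle:
        return [o.name for o in available]
    return [o.name for o in available if matches(o, needle)]


# Constructed sample data (hypothetical, not from any real deployment).
TEXAS = NetworkObject("Texas Office", "192.168.3.0/24")
BERLIN = NetworkObject("Berlin Office", "10.20.0.0/16")
US_OFFICES = NetworkGroup("US Offices", [TEXAS])
EMEA_OFFICES = NetworkGroup("EMEA Offices", [BERLIN])
AVAILABLE = [TEXAS, BERLIN, US_OFFICES, EMEA_OFFICES]

if __name__ == "__main__":
    for term in ("Tex", "3", "10.20", ""):
        print(repr(term), "->", search_available_objects(AVAILABLE, term))
```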
Creating Objects to Whitelist or Blacklist
License: Protection