Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 13      Using Access Control Policies
  Managing Access Control Policies
  • You cannot apply an access control policy to stacked devices running different versions of the 
FireSIGHT System (for example, if an upgrade on one of the devices fails). See 
 for more information.
  • Some features require minimum versions of the FireSIGHT System, or specific device models. 
Managed devices must be running at least Version 5.3 to perform access control based on 
geolocation data. See 
 for a summary 
of features not supported on Series 2 appliances.
  • The label for the apply button on the quick-apply pop-up window can differ depending on whether 
you are permitted to apply an access control policy, intrusion policy, or both; see 
.
  • At least one detector must be enabled for each application rule condition in the policy. If no detector 
is enabled for an application, the system automatically enables all Cisco-provided detectors for the 
application; if none exist, the system enables the most recently modified user-defined detector for 
the application. See 
 for more information.
  • You can add an unlimited number of unique intrusion policies to an access control policy. However, 
when you apply the access control policy to a device, a pop-up window may warn that you have 
exceeded the maximum number of intrusion policies supported by the device. This maximum 
depends on a number of factors, including the physical memory and the number of processors on 
your device. Note that every unique pair of intrusion policy and variable set counts as one policy.
Tip
If you exceed the number of intrusion policies supported by your device, reevaluate your access control 
policy. You may want to consolidate intrusion policies so you can associate a single intrusion policy with 
multiple access control rules.
  • You cannot delete a policy that has been applied or is currently applying.
  • Although you can apply any combination of an access control policy and its associated intrusion 
policies, applying an access control policy automatically applies all associated file policies. You 
cannot apply file policies independently.
See the following sections for more information:
  •  explains how to use the quick-apply option to apply the 
access control policy along with any associated intrusion and file policies.
  •  explains how to select and apply any 
combination of the access control policy, any associated intrusion policies, or both.
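
The intrusion policy limit in the list above counts every unique pair of intrusion policy and variable set as one policy. The following Python example is added here and is not part of the Cisco guide or the FireSIGHT System: it counts those pairs for a rule list before you apply and shows where consolidation would free a slot. The rule list, the policy and variable set names, and DEVICE_MAX are constructed assumptions; the real maximum depends on the device.

```python
from collections import defaultdict

# Constructed sample data: one tuple per access control rule, as
# (rule name, intrusion policy, variable set). None = no intrusion policy.
RULES = [
    ("Web inbound", "IPS-Web", "Vars-Default"),
    ("Web outbound", "IPS-Web", "Vars-Default"),
    ("DMZ servers", "IPS-Web", "Vars-DMZ"),
    ("DB tier", "IPS-DB", "Vars-DB"),
    ("Guest Wi-Fi", "IPS-Guest", "Vars-Default"),
    ("Trusted backup", None, None),
]

# Placeholder value: the real maximum depends on device memory and processors.
DEVICE_MAX = 3


def rules_by_pair(rules):
    """Group rule names by their unique (intrusion policy, variable set) pair."""
    pairs = defaultdict(list)
    for name, policy, varset in rules:
        if policy is not None:
            pairs[(policy, varset)].append(name)
    return dict(pairs)


def audit(rules, device_max):
    """Count unique pairs and flag where consolidation would free a slot."""
    pairs = rules_by_pair(rules)
    varsets = defaultdict(set)
    for policy, varset in pairs:
        varsets[policy].add(varset)
    return {
        "pair_count": len(pairs),
        "over_limit": len(pairs) > device_max,
        # Pairs serving a single rule: moving that rule onto a shared pair
        # removes one counted policy.
        "single_rule_pairs": sorted(p for p, r in pairs.items() if len(r) == 1),
        # Same intrusion policy counted more than once because of variable sets.
        "multi_varset_policies": {p: sorted(v) for p, v in varsets.items() if len(v) > 1},
    }


if __name__ == "__main__":
    for key, value in audit(RULES, DEVICE_MAX).items():
        print(f"{key}: {value}")
```

In the sample, two rules share one pair, so six rules produce four counted policies; pointing the "DMZ servers" rule at the shared variable set brings the count down to three.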
Applying a Complete Policy
License: Any
You can apply an access control policy at any time. Applying an access control policy also applies any 
associated intrusion and file policies that are different from those currently running on devices targeted 
by the policy. A pop-up window allows you to apply all together as a single quick-apply action. 
Unchanged intrusion and file policies are not applied when you use the quick-apply option.
The label for the apply button on the quick-apply pop-up window can differ depending on whether you 
are permitted to apply an access control policy, intrusion policy, or both; see 
To quick-apply a complete access control policy:
Access: Admin/Security Approver