Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 14 Understanding and Writing Access Control Rules

To create or edit an access control rule:

Access: Admin/Access Admin/Network Admin

Step 1
Select Policies > Access Control.
The Access Control page appears.

Step 2
Click the edit icon next to the access control policy where you want to add a rule.
The policy Edit page appears.

Step 3
Add a new rule or edit an existing rule:
  • To add a new rule, click Add Rule.
  • To edit an existing rule, click the edit icon next to the rule you want to edit.
Either the Add Rule or the Editing Rule page appears.

Tip
You can use the right-click context menu to perform many rule creation and management actions; see . You can also drag and drop rules to change their order.

Step 4
Configure the rule components, as described earlier in this section. You can configure the following, or accept the defaults:
  • You must provide a unique rule Name.
  • Specify whether the rule is Enabled.
  • Select a rule Action.
  • Specify the rule position.
  • Configure the rule’s conditions.
  • Configure the rule’s Inspection options.
  • Specify Logging options.
  • Add Comments.

Step 5
Click Add or Save.
Your changes are saved. You must apply the access control policy for your changes to take effect; see 

Understanding Rule Actions

License: Any

Every access control rule has an associated action that determines:
  • whether the system will trust, monitor, block, or allow (with or without further inspection) traffic that matches the rule’s conditions
  • for certain rule actions, whether the system further inspects matching traffic with intrusion, file, and network discovery policies before allowing it to pass
  • when and how you can log details about matching traffic