Cisco Firepower Management Center 4000
14-22
FireSIGHT System User Guide
Chapter 14      Understanding and Writing Access Control Rules
  Working with Different Types of Conditions
Step 2
Optionally, click the Search by name or value prompt above the Available Users list, then type a name or value.
The list updates as you type to display matching conditions. See  for more information.
Step 3
Click a condition in the Available Users list. Use the Shift and Ctrl keys to select multiple conditions, or right-click and then click Select All.
Conditions you select are highlighted.
Step 4
You have the following choices:
  • Click Add to Rule.
  • Drag and drop selected conditions into the Selected Users list.
Conditions you selected are added.
Step 5
Save or continue editing the rule.
You must apply the access control policy for your changes to take effect; see .
Working with Application Conditions
License: Control
Supported Devices: Series 3, Virtual, X-Series, ASA FirePOWER
You can configure access control rules to match application traffic. You can use either individual applications or application filters, either Cisco-provided or user-defined, as conditions for an access control rule. You can add applications and filters, in any combination, as long as the total number of items does not exceed 50, where a filter counts as a single item. If the existing filters do not meet your needs, you can create an application filter on the fly while creating an application condition; you can then use the new filter in your rule and in other existing and future rules. See the following sections for more details:
  • For information on Cisco-provided and user-defined applications, see 
  • For information on Cisco-provided and user-defined application filters, see .
  • For information on adding an application filter on the fly, see 
Note the following when adding applications:
  • The system applies the default policy action to packets that do not have a payload in a connection where an application is identified; this would be the case, for example, when a TCP connection is being established.
  • It is not possible to identify applications or filter URLs before a connection is established between the client and the server. Therefore, when a packet matches all the other conditions in a rule containing an application or a URL, if application identification has not been completed, the packet is allowed to pass. This behavior allows a connection to be established so that applications can be identified.
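As an added illustration (not code from this guide or from Cisco), the following Python model encodes the two notes above for one constructed flow, so you can see how many packets an application-based block rule lets through before identification completes. The rule names, the "p2p-app" application, the ports and the "identified after N payload packets" trigger are assumptions of the model, not FireSIGHT internals.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "block"
    app: Optional[str] = None        # application condition; None means no app condition
    dst_port: Optional[int] = None   # one non-application condition, for the model

@dataclass
class Packet:
    dst_port: int
    has_payload: bool

def evaluate(rules, default_action, identified_app, pkt):
    """Decide one packet; identified_app is None until app identification completes."""
    # Note 1: a no-payload packet in a connection whose application is already
    # identified gets the policy's default action, not a rule action.
    if not pkt.has_payload and identified_app is not None:
        return default_action, "default action (no payload)"
    for r in rules:
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue  # a non-application condition did not match
        if r.app is not None:
            if identified_app is None:
                # Note 2: every other condition matched, but the application is not
                # identified yet, so the packet is allowed to pass.
                return "allow", f"pass-through pending app ID ({r.name})"
            if r.app != identified_app:
                continue
        return r.action, r.name
    return default_action, "default action"

def simulate(rules, default_action, packets, app, payload_pkts_to_identify):
    # Constructed model: the app becomes identified after N payload packets.
    identified, seen, decisions = None, 0, []
    for pkt in packets:
        decisions.append(evaluate(rules, default_action, identified, pkt))
        if pkt.has_payload:
            seen += 1
            if seen >= payload_pkts_to_identify:
                identified = app
    return decisions

# Constructed scenario: a rule blocking the hypothetical "p2p-app"; default action is block.
RULES = [Rule("block-p2p", "block", app="p2p-app"), Rule("allow-web", "allow", dst_port=80)]
FLOW = [Packet(6881, False), Packet(6881, False),   # handshake, no payload
        Packet(6881, True), Packet(6881, True),     # first data, app still unknown
        Packet(6881, True), Packet(6881, False)]    # after identification
```

Running `simulate(RULES, "block", FLOW, "p2p-app", 2)` shows the first four packets passing, the fifth blocked by the rule, and the sixth (a bare ACK) receiving the default action.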