Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 14: Understanding and Writing Access Control Rules
Step 3  Click Add Rule.
The Add Rule page appears.

Step 4  Ensure the Action is set to Allow, Interactive Block, or Interactive Block with reset.

Step 5  Select the Inspection tab.
The Inspection page appears.

Tip: To open a new browser tab where you can edit your associated file policy, user-created intrusion policy, or variable set, click the edit icon next to the appropriate drop-down list.

Step 6  Select an Intrusion Policy, then, if you selected a user-created intrusion policy, optionally link a Variable Set to the intrusion policy. See  for more information.
Select None to disable intrusion inspection for traffic that matches the access control rule.

Caution: Do not select Experimental Policy 1 unless instructed to by a Cisco representative. Cisco uses this policy for testing.

Step 7  Select a File Policy.
Select None to disable file inspection for traffic that matches the access control rule.

Step 8  Click Add to save your changes.
The rule is added and the policy Edit page appears.

Logging Connection, File, and Malware Information
License: Any

For each access control rule in your policies, you must decide whether you want to log connection data for the traffic that matches the conditions in the rule. Tying connection logging to individual rules gives you granular control over the connections you want to log. An access control rule's logging configuration also determines whether you log file and malware events associated with the connection.

Tip: You can log two other types of connection data, outside of access control rules. First, you can log connections handled by the default action. You can also log the decision made by the system to either deny (blacklist) or inspect (blacklist set to monitor-only) a connection based on Security Intelligence data.

Deciding Which Connections to Log
You should log connections according to the security and compliance needs of your organization. If your goal is to limit the number of events you generate, only enable logging for the rules critical to your analysis. However, if you want a broad view of your network traffic, you can enable logging for additional access control rules or for the default action.