Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 14      Understanding and Writing Access Control Rules
Step 5
Specify whether you want to Log at Beginning of Connection or Log at End of Connection.
You cannot log end-of-connection events for blocked traffic.
Step 6
Use the Log Files check box to specify whether the system should log any file and malware events associated with the connection.
Associating a file policy with the rule automatically enables the check box. Cisco recommends that you leave this setting enabled.
Step 7
Specify where to send connection events. You have the following choices:
  • To send connection events to the Defense Center, select Defense Center. When your rule action is Monitor, you must log connections to the Defense Center.
  • To send connection events to syslog, select Syslog, then select a syslog alert response from the drop-down list. Optionally, you can add a syslog alert response by clicking the add icon (); see 
  • To send connection events to an SNMP trap server, select SNMP Trap, then select an SNMP alert response from the drop-down list. Optionally, you can add an SNMP alert response by clicking the add icon (.
Step 8
Click Add to save your changes.
The rule is added and the policy Edit page appears.
Adding Comments to a Rule
License: Any
You can add comments to an access control rule. For example, you might summarize the overall configuration for the benefit of other users, or note when you change a rule and the reason for the change.
You can edit or delete a comment until you save the rule; after that, you can no longer edit or delete the comment.
You can display a list of all comments for a rule, along with the user who added each comment and the date the comment was added. You can display comments while creating or editing a rule.
Note that you will be prompted to comment when you save changes to a rule if adding a comment is optional or required and you have not already added a comment during the current edit session. See 
 for more information.
The following basic procedure explains how to add comments to a new rule. See 
 for complete instructions on adding and modifying rules.