FireSIGHT System User Guide
Chapter 20      Configuring Intrusion Policies
  • explains how you can enable, disable, and configure preprocessors and other advanced detection and performance features.
  • explains how you can use intrusion policy layers to more efficiently manage multiple intrusion policies in a complex network environment.
  • explains how you can use the variables in variable sets to tailor the intrusion rules you enable in your policies, and other intrusion policy features, to match the traffic on your network.
Planning and Implementing an Intrusion Policy
License: Protection
Building custom intrusion policies can improve the performance of the system in your environment and 
can provide a focused view of the malicious traffic and policy violations occurring on your network.
Traffic profiles and characteristics may change either by design or as the result of malicious action. 
Cisco recommends building a customized intrusion policy to ensure successful monitoring under a wide 
range of traffic conditions.
The following illustrates the process you use to define your intrusion policy and tune your system.
When planning your intrusion policy:
1. Decide where to place your managed devices.
There are a variety of deployment options, and where a device sits determines how you tune it. For details on deciding where to place your managed devices to best monitor the traffic that matters to you, see the Installation Guide for your device.
2. Understand the traffic that traverses the network segment.
Before tuning your intrusion policy, it pays to understand the traffic it will monitor. For example, if you are monitoring traffic in the DMZ, you may want to pay special attention to web servers and verify that all applicable web server rules are active. If you are monitoring an internal subnet with no external-facing servers, you may want to tune your system differently.
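The second planning step above says to understand the traffic on the monitored segment before tuning. The following script is an added example, not part of the Cisco guide: it profiles a constructed set of flow records (client, server, server port, byte count) for one segment, reports which server-side services are actually present and which servers are reachable from outside the segment, and maps the observed services to the rule groups a policy tuner should verify are enabled. The flow records, the `192.0.2.0/24` segment address and the port-to-rule-group mapping are illustrative assumptions; the mapping is not the FireSIGHT rule taxonomy.

```python
"""Profile the services a monitored segment really carries before tuning an
intrusion policy (added example; not the Cisco guide's own code)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    client: str
    server: str
    server_port: int
    bytes: int


# Constructed sample flows for a DMZ segment: two public web servers, one
# server taking SSH from outside, a management-only HTTPS port, and internal
# DNS lookups. Real input would come from NetFlow/IPFIX or a capture.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "192.0.2.20", 443, 48_000),
    Flow("203.0.113.11", "192.0.2.20", 443, 12_500),
    Flow("203.0.113.12", "192.0.2.21", 80, 9_800),
    Flow("198.51.100.7", "192.0.2.21", 80, 3_100),
    Flow("198.51.100.9", "192.0.2.22", 22, 6_400),
    Flow("203.0.113.13", "192.0.2.23", 8443, 2_000),
    Flow("192.0.2.20", "192.0.2.53", 53, 400),
]

# Illustrative assumption: which rule groups to review when a service is seen.
PORT_TO_RULE_GROUPS = {
    80: ("web server rules",),
    443: ("web server rules",),
    22: ("remote access / SSH rules",),
    53: ("DNS rules",),
}


def profile_segment(flows, monitored_net, min_bytes=0):
    """Return {server_port: {"servers": set, "flows": int, "bytes": int}} for
    services hosted inside monitored_net. Flows below min_bytes are dropped as
    noise (for example unanswered scans that never carried a payload)."""
    net = ip_network(monitored_net)
    profile = defaultdict(lambda: {"servers": set(), "flows": 0, "bytes": 0})
    for f in flows:
        if ip_address(f.server) not in net or f.bytes < min_bytes:
            continue
        entry = profile[f.server_port]
        entry["servers"].add(f.server)
        entry["flows"] += 1
        entry["bytes"] += f.bytes
    return dict(profile)


def rule_groups_to_review(profile):
    """Map observed services to rule groups worth verifying; ports with no
    mapping are returned separately so they are not silently ignored."""
    groups, unknown = set(), set()
    for port in profile:
        if port in PORT_TO_RULE_GROUPS:
            groups.update(PORT_TO_RULE_GROUPS[port])
        else:
            unknown.add(port)
    return sorted(groups), sorted(unknown)


def external_facing_servers(flows, monitored_net):
    """Servers inside the segment that accept connections from outside it."""
    net = ip_network(monitored_net)
    return sorted({f.server for f in flows
                   if ip_address(f.server) in net
                   and ip_address(f.client) not in net})


if __name__ == "__main__":
    segment = "192.0.2.0/24"  # assumed address of the monitored segment
    prof = profile_segment(SAMPLE_FLOWS, segment)
    for port, e in sorted(prof.items()):
        print(f"port {port}: {len(e['servers'])} server(s), "
              f"{e['flows']} flows, {e['bytes']} bytes")
    groups, unknown = rule_groups_to_review(prof)
    print("rule groups to review:", groups)
    print("unmapped server ports to investigate:", unknown)
    print("external-facing servers:", external_facing_servers(SAMPLE_FLOWS, segment))
```

The unmapped-port list is the useful part for a segment you thought you understood: a service you did not expect (here the constructed port 8443) is exactly the case where the rules you would have left disabled need a second look.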