Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 20      Configuring Intrusion Policies
  Managing Intrusion Policies
The following might also occur when you commit your changes:
  • If the Write changes in Intrusion Policy to audit log Intrusion Policy Preferences option in the system policy is enabled, the system logs a description of the changes in the audit log. See  for more information.
  • Depending on the configuration of the Comments on policy change Intrusion Policy Preferences option in the system policy, the Description of Changes pop-up window might appear when you save your changes, and you might be required to provide a description of your changes. Optionally or if required, provide a description of your changes, then click OK to save your changes, or click Cancel to return to the advanced editor without saving your changes. See  for more information.
  • If your configuration includes a standard text rule or a shared object rule that requires a disabled preprocessor or other advanced feature, click OK when prompted to automatically enable the feature in your policy and commit the policy. Click Cancel to return to the Policy Information page. See  for more information.
  • If you are editing a policy at the same time another user is editing the same policy, and the other user saves their changes to the policy, you are warned when you commit the policy that you will overwrite the other user’s changes. Click OK to continue and overwrite the changes, or click Cancel to return to the Policy Information page without saving your changes.
  • If you are editing the same policy via multiple web interface instances as the same user, and you save your changes for one instance, you cannot save your changes from any other instance; you are prompted when you try to commit the policy there. Click OK to discard your changes and go to the Intrusion Policy page.
Reapplying an Intrusion Policy
License: Protection
After you apply an intrusion policy to a managed device using access control (see ), you can reapply the intrusion policy at any time. This allows you to implement intrusion policy changes on your monitored network without reapplying the access control policy. While reapplying, you can also view a comparison report to review the changes made since the last time the intrusion policy was applied.
Note the following when reapplying intrusion policies:
  • You can schedule intrusion policy reapply tasks to recur on a regular basis. See  for more information.
  • An intrusion policy reapply fails on invalid target devices. For example, if you apply an access control policy that removes a previously applied intrusion policy from a device and then attempt to reapply the intrusion policy before the access control policy apply task resolves, the intrusion policy reapply fails.
  • You cannot apply intrusion policies to stacked devices running different versions of the FireSIGHT System (for example, if an upgrade on one of the devices fails). You can reapply an intrusion policy to a device stack, but not to individual devices within the stack. See  for more information.
  • When you import a rule update, you can automatically apply intrusion policies after the import completes. If you do not enable this option, you must manually reapply the policies changed by the rule update. See  for more information.