Cisco Cisco Firepower Management Center 4000

If the Snort version on the Defense Center differs from that on the managed device, you cannot apply 
an intrusion policy to the device without applying the access control policy. If intrusion policy apply 
fails for this reason, reapply the entire access control policy instead.

Admin/Security Approver

Select 

.

The Intrusion Policy page appears. 

Click the apply icon (

) next to the policy you want to reapply. 

The Reapply Intrusion Policy window appears, listing the devices where the policy is currently applied.

Specify the devices where you want to reapply the policy.

Optionally, if a device is listed as 

, click the comparison icon (

) to view a report that 

compares the currently applied intrusion policy and the updated intrusion policy. See the 

 table for more information.

Click 

.

The policy is reapplied. You can monitor the status of the apply using the task queue (

). See 

 for more information.

Protection

An intrusion policy report is a record of all enabled intrusion policy features and settings at a specific 
point in time. The system combines the settings in the base policy with the settings of the policy layers, 
and makes no distinction between which settings originated in the base policy or policy layer. You use 
the report for auditing purposes or to inspect the current configuration of an intrusion policy. Remember 
to commit any potential changes before you generate an intrusion policy report; only committed changes 
appear in the report.

You can also generate an intrusion policy comparison report that compares two intrusion policies, or two 
revisions of the same intrusion policy. For more information, see 

Depending on your configuration, an intrusion policy report can contain one or more sections as 
described in the following table.