Cisco Cisco Firepower Management Center 4000
20-19
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Understanding the Base Policy
You can select the base policy for your intrusion policy and, when your base policy is a default policy
provided by Cisco, choose whether to allow rule updates to update your base policy on the Base Policy
summary page. You can also view but not change the default state, enabled or disabled, of preprocessors
and other advanced features. From this page, you can access the configuration pages for advanced
features where you can view but not change their default option settings. You can also access a read-only
display of the Rules page, where you can view the default states of all rules in your base policy, filter the
display to view subset of rules, and view details of individual rules.
provided by Cisco, choose whether to allow rule updates to update your base policy on the Base Policy
summary page. You can also view but not change the default state, enabled or disabled, of preprocessors
and other advanced features. From this page, you can access the configuration pages for advanced
features where you can view but not change their default option settings. You can also access a read-only
display of the Rules page, where you can view the default states of all rules in your base policy, filter the
display to view subset of rules, and view details of individual rules.
To select the base policy in your intrusion policy:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Manage Base Policy
on the Policy Information page.
The Base Policy summary page appears.
Step 4
Select the Cisco default or custom policy that you want to use as the base policy for your intrusion policy
from the
from the
Base Policy
drop-down list. See
for more
information.
Step 5
Optionally, select or clear the
Update when a new Rule Update is installed
check box to specify whether you
want new rule updates to update your base policy.
When you save your changes with the check box cleared and then import a rule update, an
Update Now
button appears on the Base Policy summary page and the status message on the page updates to inform
you that the policy is out of date. Optionally, you can click
you that the policy is out of date. Optionally, you can click
Update Now
to update your base policy with
the changes in the most recently imported rule update.
See
for more information.
Step 6
Optionally, take any of the following actions on the page:
•
To display all rules in your base policy on the Rules page in read-only mode, click
View Rule
.
In the read-only display in this page, you can filter the view to display subsets of rules in your base
policy. You can also display details of individual rules. See
policy. You can also display details of individual rules. See
for more information.
•
To view which preprocessors and other advanced features are enabled or disabled in your base
policy, scroll down the page. See
policy, scroll down the page. See
for
more information.
•
To display the configuration page and default settings for an advanced feature in read-only mode,
click
click
View
next to the feature whose default settings you want to see. For an overview of advanced
features that you can enable or disable and whose default settings you can modify, see
.
Step 7
Save your policy, continue editing, discard your changes, or exit while leaving your changes in the
system cache. See the
system cache. See the
table for more information.