Cisco Cisco Firepower Management Center 4000

Protection

When you set event filters, dynamic states, and alerting for selected rules in a custom policy that you use 
as your base policy, then remove those settings in the policy that uses the custom policy as its base policy, 
your intrusion policy ignores subsequent setting changes that you make to the affected rules in the 
custom policy you use as your base policy.

The following procedure explains how to set a policy where you have not added layers to accept changes 
to rule settings that you make in the custom policy that you use as your base policy. See 

 to accept settings for these rules in a policy where you have added 

layers.

Admin/Intrusion Admin

Select 

.

The Intrusion Policy page appears.

Click the edit icon (

) next to the intrusion policy where you want to unblock settings.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Expand 

 in the navigation panel.

Expand the link beneath 

, which is named 

 if you have not renamed it.

Click 

 beneath

.

The Rules page for My Changes appears.

Locate the rule or rules whose settings you want to accept. You have the following options:

To sort the current display, click on a column heading or icon. To reverse the sort, click again.

Construct a filter by clicking on keywords or arguments in the filter panel on the left. For more 
information, see 

.

The page refreshes to display all matching rules.

Select the rule or rules whose settings you want to accept. You have the following options:

To select a specific rule, select the check box next to the rule.

To select all the rules in the current list, select the check box at the top of the column.

Select 

 from the 

 drop-down list.

Save your policy, continue editing, discard your changes, or exit while leaving your changes in the 
system cache. See the 

 table for more information.