Cisco Cisco Firepower Management Center 4000
23-8
FireSIGHT System User Guide
Chapter 23 Using Layers in an Intrusion Policy
Understanding Intrusion Policy Layers
You can set the state (enabled or disabled) of advanced settings in the current layer or in a layer above
or below that layer. Setting the state for an advanced setting in a layer overrides the state for that
advanced setting in lower layers. When the advanced setting is enabled in a layer, the configuration in
that layer also overrides the configuration of the advanced setting in lower layers.
or below that layer. Setting the state for an advanced setting in a layer overrides the state for that
advanced setting in lower layers. When the advanced setting is enabled in a layer, the configuration in
that layer also overrides the configuration of the advanced setting in lower layers.
Advanced setting states set in a different layer are color-coded to show whether they are set in a layer
above or below. Note that because the Advanced Settings page is a composite view of all state settings,
it does not use color coding to indicate where an advanced setting state is set in the layer order.
above or below. Note that because the Advanced Settings page is a composite view of all state settings,
it does not use color coding to indicate where an advanced setting state is set in the layer order.
The system uses the configuration for an advanced setting in the highest layer where the configuration
is enabled. Unless you explicitly modify the configuration, the system uses the default configuration. For
example, if you enable and modify the DCE/RPC configuration in a layer, and you enable the DCE/RPC
configuration but do not modify it in a higher layer, the system will use the default configuration in the
higher layer.
is enabled. Unless you explicitly modify the configuration, the system uses the default configuration. For
example, if you enable and modify the DCE/RPC configuration in a layer, and you enable the DCE/RPC
configuration but do not modify it in a higher layer, the system will use the default configuration in the
higher layer.
You can view the layers where advanced settings are enabled, disabled, and inherited by clicking
Policy
Layers
in the navigation panel. See
The following table describes the actions available on the Layer summary page for user-configurable
layers in your intrusion policy.
layers in your intrusion policy.
To view or modify advanced settings in a layer view:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Table 23-2
Layer Summary Page Actions
To...
You can...
modify the layer name or description type a new value for
Name
or
Description
.
Note that this action is not available on the Advanced Settings page.
share the layer with other intrusion
policies
policies
select
Allow this layer to be used by other policies
.
See
and
for more information.
Note that this action is not available on the Advanced Settings page.
enable an advanced setting in the
current layer
current layer
click
Enabled
next to the advanced setting you want to enable.
The page refreshes, a sublink to the configuration page for the advanced setting
appears beneath the layer name in the navigation panel, and an
appears beneath the layer name in the navigation panel, and an
Edit
link appears for the
advanced setting you enabled. Optionally, click the
Edit
link or the advanced setting
sublink to modify the current configuration. See
for links to the configuration pages for all advanced settings.
Note that the Back Orifice preprocessor has no user-configurable options.
disable the advanced setting in the
current layer
current layer
click
Disabled
.
The page refreshes and, if the advanced setting was enabled, the advanced setting
sublink and
sublink and
Edit
link no longer appear.
inherit the advanced setting state and
configuration from the settings in the
highest layer below the current layer
configuration from the settings in the
highest layer below the current layer
click
Inherit
.
The page refreshes and, if the advanced setting was enabled, the advanced setting
sublink and
sublink and
Edit
link no longer appear.