Cisco Cisco Firepower Management Center 4000

Admin/Intrusion Admin

Select 

.

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

display the Layer summary 
page for a layer

click the layer name in the summary for the layer.

The Layer summary page for the layer appears.

From this page you can modify the layer name and description, set the layer to be shared by other 
intrusion policies, configure advanced settings states, and access advanced settings 
configuration pages. You can also display filtered Rules page views of rules whose states are set 
in the layer; you can display filtered views for all rules or by rule state. See 

, 

, and 

 for more information.

Note that, alternatively, you can click the view icon (

) to access the Layer summary page a 

shared layer. Note also that the Layer summary page for a shared layer is read-only.

display the Layer summary 
page for the base policy

click the base policy name in the base policy summary.

The Layer summary page for the base policy appears.

From this page you can select a different base policy for your intrusion policy and specify 
whether changes in an imported rule update your intrusion policy. You can view which advanced 
settings are enabled or disabled in your base policy and access read-only configuration pages 
showing the default configurations of advanced settings in the policy. Status messages give the 
number of rules enabled in the policy and the number set to generate events and to drop packets 
and generate events. From this page you can access a read-only view of the Rules page showing 
the settings for all rules in the base policy. See 

, and 

 for more information.

display a layer-level 
advanced setting 
configuration page

click the advanced setting name in the summary for the layer.

Note that configuration pages are read-only in the base policy and in shared layers. See 

 and 

, and for more information.

display rules in a layer by 
rule state type

click the icon for drop and generate events (

), generate events (

), or disabled (

) in the 

summary for the layer, or on the description next to the icon for the rule state type you want to 
display.

Note that disabled rules are not displayed for the base policy or the Policy Summary. Note also 
that each layer summary provides the total number of rules enabled (that is, the total set to 
generate events or to drop and generate events) in the layer, and the total for each enabled rule 
state. Also, note that the base policy rule state totals are the default enabled rule state settings 
in the policy, and the Policy Summary totals are the effective sum of all enabled rule states for 
all layers in the policy.