Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 33    Blocking Malware and Prohibited Files
Understanding and Creating File Policies

File Rules
You populate a file policy with file rules. The following table describes the components of a file rule.

Table 33-4    File Rule Components

application protocol
    The system can detect and inspect files transmitted via FTP, HTTP, SMTP, IMAP, POP3, and NetBIOS-ssn (SMB). To improve performance, you can restrict file detection to a single one of those application protocols on a per-file-rule basis.

direction of transfer
    You can inspect incoming FTP, HTTP, IMAP, POP3, and NetBIOS-ssn (SMB) traffic for downloaded files; you can inspect outgoing FTP, HTTP, SMTP, and NetBIOS-ssn (SMB) traffic for uploaded files. Note that SMTP is inspected only for uploads and IMAP and POP3 only for downloads, so a rule that combines a protocol with a direction it does not support will never match.

file categories and types
    The system can detect various types of files. These file types are grouped into basic categories, including multimedia (swf, mp3), executables (exe, torrent), and PDFs. You can configure file rules that detect individual file types or entire categories of file types. For example, you could block all multimedia files, or just ShockWave Flash (swf) files. Or, you could configure the system to alert you when a user downloads a BitTorrent (torrent) file.

    Caution: Frequently triggered file rules can affect system performance. For example, detecting multimedia files in HTTP traffic (YouTube, for example, transmits significant Flash content) could generate an overwhelming number of events.

file rule action
    A file rule's action determines how the system handles traffic that matches the conditions of the rule.

    Note: File rules are evaluated in rule-action order, not numerical order. For more information, see the next section.
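The following model ties the four components of Table 33-4 together: it validates that a rule's application protocol and direction of transfer are a combination the system can actually inspect, matches a file transfer against rules by protocol, direction, and file type or category, and resolves overlapping matches by action precedence rather than by rule position. This is an added illustration written for this page, not Cisco code and not the product's matching engine. The category membership is limited to the file types the page names, the action precedence (Block Files before Detect Files) is an assumption made for the example because the page defers the real order to the next section, and the sample rules and transfers are constructed inputs.

```python
"""Illustrative model of FireSIGHT-style file rules (added example, not Cisco code)."""
from dataclasses import dataclass

ANY = "any"

# Protocol/direction support exactly as Table 33-4 states it.
DOWNLOAD_PROTOCOLS = {"FTP", "HTTP", "IMAP", "POP3", "NetBIOS-ssn"}
UPLOAD_PROTOCOLS = {"FTP", "HTTP", "SMTP", "NetBIOS-ssn"}

# File categories, limited to the types the page names (the product has more).
CATEGORIES = {
    "multimedia": {"swf", "mp3"},
    "executables": {"exe", "torrent"},
    "pdf": {"pdf"},
}

# ASSUMPTION for this example: actions are ranked highest precedence first.
# The page only says evaluation is by action, not by rule number.
ASSUMED_ACTION_ORDER = ("Block Files", "Detect Files")


@dataclass(frozen=True)
class FileRule:
    action: str                          # "Block Files", "Detect Files", ...
    protocol: str = ANY                  # one application protocol, or ANY
    direction: str = ANY                 # "download", "upload", or ANY
    file_types: frozenset = frozenset()  # individual file types (e.g. "swf")
    categories: frozenset = frozenset()  # whole categories (e.g. "multimedia")


@dataclass(frozen=True)
class FileEvent:
    """A detected file transfer (constructed input for the example)."""
    protocol: str
    direction: str  # "download" or "upload"
    file_type: str


def validate_rule(rule: FileRule) -> bool:
    """Reject protocol/direction pairs the table says cannot be inspected,
    e.g. SMTP downloads or IMAP uploads; such a rule would never match."""
    if rule.direction == "download":
        allowed = DOWNLOAD_PROTOCOLS
    elif rule.direction == "upload":
        allowed = UPLOAD_PROTOCOLS
    else:
        allowed = DOWNLOAD_PROTOCOLS | UPLOAD_PROTOCOLS
    return rule.protocol == ANY or rule.protocol in allowed


def rule_matches(rule: FileRule, event: FileEvent) -> bool:
    """True if protocol, direction, and file type/category all match."""
    if rule.protocol != ANY and rule.protocol != event.protocol:
        return False
    if rule.direction != ANY and rule.direction != event.direction:
        return False
    if event.file_type in rule.file_types:
        return True
    return any(event.file_type in CATEGORIES.get(c, set()) for c in rule.categories)


def evaluate(rules, event: FileEvent, action_order=ASSUMED_ACTION_ORDER):
    """Return the action applied to the transfer: among all matching rules,
    the one whose action ranks highest in action_order wins, regardless of
    where the rule sits in the numbered list. None means no rule matched."""
    rank = {action: i for i, action in enumerate(action_order)}
    matched = [r for r in rules if rule_matches(r, event)]
    if not matched:
        return None
    return min(matched, key=lambda r: rank[r.action]).action


# Constructed sample rules, deliberately listed with the Detect rules first.
SAMPLE_RULES = [
    FileRule("Detect Files", direction="download", file_types=frozenset({"torrent"})),
    FileRule("Detect Files", protocol="HTTP", categories=frozenset({"multimedia"})),
    FileRule("Block Files", file_types=frozenset({"swf"})),
]

if __name__ == "__main__":
    for e in (FileEvent("HTTP", "download", "swf"),
              FileEvent("HTTP", "download", "torrent"),
              FileEvent("SMTP", "upload", "mp3")):
        print(e, "->", evaluate(SAMPLE_RULES, e))
    print("SMTP download rule valid?",
          validate_rule(FileRule("Detect Files", protocol="SMTP", direction="download")))
```

An HTTP download of an swf file matches both the second (Detect) and third (Block) sample rules; the Block action wins even though the Detect rule is numbered lower, which is the behaviour the Note above describes. The `validate_rule` check is the kind of sanity test worth running over an exported policy, since a rule pairing SMTP with the download direction is silently dead.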