Cisco Cisco FirePOWER Appliance 8250
6-52
FireSIGHT System User Guide
Chapter 6 Managing Devices
Editing Device Configuration
Adding IPv6 Fast-Path Rules
License:
Any
Supported Devices:
Series 3, 3D9900
Fast-path rules send traffic to the fast-path (out of the interface) or into the device for further analysis.
You can use the following criteria to select the IPv6 traffic you want to divert to the fast-path and not
inspect:
You can use the following criteria to select the IPv6 traffic you want to divert to the fast-path and not
inspect:
•
initiator or responder IP address or address block
•
protocol
•
initiator or responder port, for TCP or UDP protocols
•
VLAN ID
•
bidirectional option
Note that the outermost VLAN ID is used for fast-path rules.
Tip
To edit an existing fast-path rule, click the edit icon (
) next to the rule.
To add an IPv6 fast-path rule:
Access:
Admin/Network Admin
Step 1
Select
Devices > Device Management
.
The Device Management page appears.
Step 2
Next to the device where you want to add a fast-path rule, click the edit icon (
).
The Interfaces tab for that device appears.
Step 3
Click
Device
.
The Devices tab appears.
Step 4
Next to the
Advanced
section, click the edit icon.
The Advanced pop-up window appears.
Step 5
Click
New IPv6 Rule
to add a fast-path rule.
The New IPv6 Rule pop-up window appears. Note that the initiator and responder fields are fixed and
indicate that the filter applies to IPv6 packets from any initiator or responder.
indicate that the filter applies to IPv6 packets from any initiator or responder.
Step 6
From the
Domain
drop-down list, select an inline set or passive security zone. See
for more information.
Step 7
Type IP addresses or use IPv6 prefix length notation to specify address blocks in the
Initiator
and the
Responder
fields for the IP addresses of initiators or responders whose packets should bypass further
analysis.
Your rule matches packets from the designated initiators or packets to the designated responders. For
information on using IPv6 prefix length notation in the FireSIGHT System, see
information on using IPv6 prefix length notation in the FireSIGHT System, see
.
Step 8
Optionally, from the
Protocol
drop-down list, select the protocol on which you want the rule to act or
select
All
to match traffic from any protocol on the list.
Your fast-path rule matches only the selected protocol’s packets.