Cisco Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 14 Understanding and Writing Access Control Rules
To create or edit an access control rule:
Access: Admin/Access Admin/Network Admin
Step 1 Select Policies > Access Control.
The Access Control page appears.
Step 2 Click the edit icon next to the access control policy where you want to add a rule.
The policy Edit page appears.
Step 3 Add a new rule or edit an existing rule:
• To add a new rule, click Add Rule.
• To edit an existing rule, click the edit icon next to the rule you want to edit.
Either the Add Rule or the Editing Rule page appears.
Tip You can use the right-click context menu to perform many rule creation and management actions; see . You can also drag and drop rules to change their order.
Step 4 Configure the rule components, as described earlier in this section. You can configure the following, or accept the defaults:
• You must provide a unique rule Name.
• Specify whether the rule is Enabled.
• Select a rule Action.
• Specify the rule position.
• Configure the rule’s conditions.
• Configure the rule’s Inspection options.
• Specify Logging options.
• Add Comments.
Step 5 Click Add or Save.
Your changes are saved. You must apply the access control policy for your changes to take effect; see
Understanding Rule Actions
License: Any
Every access control rule has an associated action that determines:
• whether the system will trust, monitor, block, or allow (with or without further inspection) traffic that matches the rule’s conditions
• for certain rule actions, whether the system further inspects matching traffic with intrusion, file, and network discovery policies before allowing it to pass
• when and how you can log details about matching traffic