Cisco Cisco FirePOWER Appliance 8250
20-8
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
Using the Navigation Panel
License:
Protection
A navigation panel appears on the left side of the web interface when you are editing an intrusion policy.
A dividing line separates the navigation panel into links to policy settings you can configure with
(below) or without (above) direct interaction with policy layers.
A dividing line separates the navigation panel into links to policy settings you can configure with
(below) or without (above) direct interaction with policy layers.
The two major links above the dividing line separate intrusion policy settings into Policy Information
(the most commonly used settings) and Advanced Settings (settings that typically require little or no
modification, and require specific expertise to configure).
(the most commonly used settings) and Advanced Settings (settings that typically require little or no
modification, and require specific expertise to configure).
Click
Policy Information
to display the Policy Information page, which includes configuration options for
commonly used settings and links to configuration pages for other commonly used settings. Sublinks
beneath
beneath
Policy Information
provide direct access to the same configuration pages.
Click
Advanced Settings
to display the Advanced Settings page, where you can enable or disable advanced
settings and access configuration pages for advanced settings in your intrusion policy. Note that you
cannot access advanced intrusion policy settings from the Policy Information page.
cannot access advanced intrusion policy settings from the Policy Information page.
Expanding the
Advanced Settings
link displays sublinks to individual configuration pages for all advanced
settings that are enabled in your intrusion policy. Clicking any of these sublinks takes you to the same
advanced settings configuration pages that you can access from the Advanced Settings page. See
advanced settings configuration pages that you can access from the Advanced Settings page. See
for more information.
You can click
Policy Layers
to display a summary of the intrusion policy layers that comprise your
intrusion policy. Expanding the Policy Layers link displays sublinks to summary pages for the layers in
your intrusion policy. Expanding each layer sublink displays further sublinks to the configuration pages
for all advanced settings that are enabled in the layer, and to a layer-filtered view of intrusion rule
settings. See
your intrusion policy. Expanding each layer sublink displays further sublinks to the configuration pages
for all advanced settings that are enabled in the layer, and to a layer-filtered view of intrusion rule
settings. See
for more information.
Dark shading of an item in the navigation panel highlights your current location in the intrusion policy.
For example, in the illustration above the Policy Information page would be displayed to the right of the
navigation panel.
For example, in the illustration above the Policy Information page would be displayed to the right of the
navigation panel.
A policy change icon (
) appears next to
Policy Information
when your intrusion policy contains unsaved
changes. This icon disappears when you save your changes from the Policy Information page. You can
click the policy change icon or
click the policy change icon or
Policy Information
to display the Policy Information page.
Committing Intrusion Policy Changes
License:
Protection
You must save (that is, commit) changes to your intrusion policy before the system recognizes the
changes. When you associate an intrusion policy with an access control policy, the system associates the
most recently saved configuration. See
changes. When you associate an intrusion policy with an access control policy, the system associates the
most recently saved configuration. See
for more information.
The system caches changes to your policy on the system disk when you exit the policy without saving
your changes. The system cache stores unsaved changes for one policy per user and you must commit or
discard your changes before editing another policy when you are logged in as the same user.
your changes. The system cache stores unsaved changes for one policy per user and you must commit or
discard your changes before editing another policy when you are logged in as the same user.
Your changes are cached even when you log out of the system or experience a system crash. The system
discards the cached changes when you edit another policy as the same user without saving your changes,
or when you import a rule update. See
discards the cached changes when you edit another policy as the same user without saving your changes,
or when you import a rule update. See
for
more information.