Cisco Cisco Firepower 4110 Security Appliance
Chapter 4 – Managing Classes
Classes define groups of elements of the same type of entity in DefensePro. This chapter contains the following sections:
• Configuring Network Classes
• Configuring Context Group Classes
• Configuring Application Classes
• Configuring MAC Address Classes
• Configuring SGT Classes
You can configure classes based on the following:
• Networks — To classify traffic in a Network Protection policy.
• Context Groups — To classify traffic in a Network Protection policy.
• Application ports — To define or modify applications based on Layer 4 destination ports.
• MAC addresses — To classify traffic whose source or destination is a transparent network device.
• SGTs — To configure the Security Group Tags (SGTs).
After you create or modify a class, the configuration is saved in the APSolute Vision database. You must activate
the configuration to download it to the device. You can also view the current class configurations on your device.
After creation, you cannot modify the name of a class, or the configuration of application classes.
Configuring Network Classes
In Radware DefensePro DDoS Mitigation for Cisco Firepower, you can use Network classes in Network Protection
policies to match source or destination traffic. A Network class is identified by a name and defined by a network
address and IPv4 mask or IPv6 prefix.
To configure a Network class
1. In the Configuration perspective, select Classes > Networks.
2. To add or modify a Network class, do one of the following:
   — To add a class, click the (Add) button.
   — To edit a class, double-click the entry in the table.
3. Configure the Network class parameters, and then click Submit.
4. To activate your configuration changes on the device, click Update Policies.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.