Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Managing Access Control Policies
• You cannot apply an access control policy to stacked devices running different versions of the
FireSIGHT System (for example, if an upgrade on one of the devices fails). See
for more information.
• Some features require minimum versions of the FireSIGHT System, or specific device models.
Managed devices must be running at least Version 5.3 to perform access control based on
geolocation data. See
for a summary
of features not supported on Series 2 appliances.
• The label for the apply button on the quick-apply pop-up window can differ depending on whether
you are permitted to apply an access control policy, intrusion policy, or both; see
.
• At least one detector must be enabled for each application rule condition in the policy. If no detector
is enabled for an application, the system automatically enables all Cisco-provided detectors for the
application; if none exist, the system enables the most recently modified user-defined detector for
the application. See
for more information.
• You can add an unlimited number of unique intrusion policies to an access control policy. However,
when you apply the access control policy to a device, a pop-up window may warn that you have
exceeded the maximum number of intrusion policies supported by the device. This maximum
depends on a number of factors, including the physical memory and the number of processors on
your device. Note that every unique pair of intrusion policy and variable set counts as one policy.
Tip
If you exceed the number of intrusion policies supported by your device, reevaluate your access control
policy. You may want to consolidate intrusion policies so you can associate a single intrusion policy with
multiple access control rules.
• You cannot delete a policy that has been applied or is currently applying.
• Although you can apply any combination of an access control policy and its associated intrusion
policies, applying an access control policy automatically applies all associated file policies. You
cannot apply file policies independently.
See the following sections for more information:
• explains how to use the quick-apply option to apply the
access control policy along with any associated intrusion and file policies.
• explains how to select and apply any
combination of the access control policy, any associated intrusion policies, or both.
Applying a Complete Policy
License: Any
You can apply an access control policy at any time. Applying an access control policy also applies any
associated intrusion and file policies that are different from those currently running on devices targeted
by the policy. A pop-up window allows you to apply all together as a single quick-apply action.
Unchanged intrusion and file policies are not applied when you use the quick-apply option.
The label for the apply button on the quick-apply pop-up window can differ depending on whether you
are permitted to apply an access control policy, intrusion policy, or both; see
To quick-apply a complete access control policy:
Access: Admin/Security Approver