Cisco FirePOWER Appliance 7010
20-9
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
The following might also occur when you commit your changes:
• If the Write changes in Intrusion Policy to audit log Intrusion Policy Preferences option in the system policy is enabled, the system logs a description of the changes in the audit log. See
for more information.
• Depending on the configuration of the Comments on policy change Intrusion Policy Preferences option in the system policy, the Description of Changes pop-up window might appear when you save your changes, and you might be required to provide a description of your changes. Optionally or if required, provide a description of your changes, then click OK to save your changes, or click Cancel to return to the advanced editor without saving your changes. See
for more information.
• If your configuration includes a standard text rule or a shared object rule that requires a disabled preprocessor or other advanced feature, click OK when prompted to automatically enable the feature in your policy and commit the policy. Click Cancel to return to the Policy Information page. See
for more information.
• If you are editing a policy at the same time another user is editing the same policy, and the other user saves their changes to the policy, you are warned when you commit the policy that you will overwrite the other user’s changes. Click OK to continue and overwrite the changes, or click Cancel to return to the Policy Information page without saving your changes.
• If you are editing the same policy via multiple web interface instances as the same user, and you save your changes for one instance, you are prompted for any other instance if you try to commit the policy where you cannot save your changes. Click OK to discard your changes and go to the Intrusion Policy page.
Reapplying an Intrusion Policy
License: Protection
After you apply an intrusion policy to a managed device using access control (see ), you can reapply the intrusion policy at any time. This allows you to implement intrusion policy changes on your monitored network without reapplying the access control policy. While reapplying, you can also view a comparison report to review the changes made since the last time the intrusion policy was applied.
Note the following when reapplying intrusion policies:
• You can schedule intrusion policy reapply tasks to recur on a regular basis. See
for more information.
• An intrusion policy reapply fails on invalid target devices. For example, if you apply an access control policy that removes a previously applied intrusion policy from a device and then attempt to reapply the intrusion policy before the access control policy apply task resolves, the intrusion policy reapply fails.
• You cannot apply intrusion policies to stacked devices running different versions of the FireSIGHT System (for example, if an upgrade on one of the devices fails). You can reapply an intrusion policy to a device stack, but not to individual devices within the stack. See
for more information.
• When you import a rule update, you can automatically apply intrusion policies after the import completes. If you do not enable this option, you must manually reapply the policies changed by the rule update. See
for more information.