Cisco FirePOWER Appliance 8390
5-11
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with Port Objects
Step 2
If you need a copy of the list to edit, click Download, then follow your browser's prompts to save the list as a text file.
Step 3
Make changes to the list as necessary.
Step 4
On the Security Intelligence pop-up window, click Browse to browse to the modified list, then click Upload.
The list is uploaded.
Step 5
Click Save.
Your changes are saved. If the list is being used by an active access control policy, you must apply the policy for your changes to take effect.
Working with Port Objects
License: Any
Port objects represent different protocols in slightly different ways:
• For TCP and UDP, a port object represents the transport layer protocol, with the protocol number in parentheses, plus an optional associated port or port range. For example: TCP(6)/22.
• For ICMP and ICMPv6 (IPv6-ICMP), the port object represents the internet layer protocol plus an optional type and code. For example: ICMP(1):3:3.
• A port object can also represent other protocols that do not use ports.
Note that Cisco provides default port objects for well-known ports. You can modify or delete these objects, but Cisco recommends that you create custom port objects instead.
You can use port objects and groups (see ) in various places in the system's web interface, including access control policies, network discovery rules, port variables, and event searches. For example, if your organization uses a custom client that uses a specific range of ports and causes the system to generate excessive and misleading events, you can configure your network discovery policy to exclude monitoring those ports.
You cannot delete a port object that is in use. Additionally, after you edit a port object used in an access control or network discovery policy, you must reapply the policy for your changes to take effect.
Note that you cannot add any protocol other than TCP or UDP for source port conditions in access control rules. Also, you cannot mix transport protocols when setting both source and destination port conditions in a rule.
If you add an unsupported protocol to a port object group used in a source port condition, the rule where it is used does not apply to the managed device on policy apply. Additionally, if you create a port object containing both TCP and UDP ports, then add it as a source port condition in a rule, you cannot add a destination port, and vice versa.
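The port object notation shown above (TCP(6)/22, ICMP(1):3:3) and the source/destination port-condition restrictions just described, worked through as an added example. This is not Cisco code and not part of the FireSIGHT product; the class and function names, the protocol-number table, and the sample objects are this example's own. It parses port object strings of the forms the guide shows (protocol with optional port or port range, ICMP with optional type and code, or a bare protocol that uses no ports) and then checks a rule's source and destination port conditions against the stated constraints, so a policy author can catch a rule that would silently fail to apply before pushing the policy.

```python
"""Parse FireSIGHT port object notation and check access control rule port conditions.

Added example, not Cisco's code. It models the notation the guide shows
("TCP(6)/22", "ICMP(1):3:3") and the rule constraints the text states; the
names below are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IANA protocol numbers for the protocols the guide names.
TCP, UDP, ICMP, ICMPV6 = 6, 17, 1, 58
TRANSPORT = {TCP, UDP}

# NAME(proto), optionally followed by /port[-port] (TCP/UDP) or :type[:code] (ICMP).
_OBJ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9-]+)\((?P<proto>\d+)\)"
    r"(?:/(?P<lo>\d+)(?:-(?P<hi>\d+))?|:(?P<type>\d+)(?::(?P<code>\d+))?)?$"
)


@dataclass(frozen=True)
class PortObject:
    name: str
    protocol: int
    port_range: Optional[Tuple[int, int]] = None  # TCP/UDP only
    icmp_type: Optional[int] = None               # ICMP/ICMPv6 only
    icmp_code: Optional[int] = None


def parse_port_object(text: str) -> PortObject:
    """Parse one port object string; raise ValueError on malformed or inconsistent input."""
    m = _OBJ_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised port object syntax: {text!r}")
    name, proto = m["name"], int(m["proto"])
    if not 0 <= proto <= 255:
        raise ValueError(f"protocol number out of range: {proto}")
    if m["lo"] is not None:
        # A port or port range is only meaningful for the transport protocols.
        if proto not in TRANSPORT:
            raise ValueError(f"{name}({proto}) does not use ports; a /port suffix is invalid")
        lo = int(m["lo"])
        hi = int(m["hi"]) if m["hi"] is not None else lo
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range {lo}-{hi}")
        return PortObject(name, proto, port_range=(lo, hi))
    if m["type"] is not None:
        # type[:code] is only meaningful for ICMP and ICMPv6.
        if proto not in (ICMP, ICMPV6):
            raise ValueError(f"{name}({proto}) is not ICMP; a :type:code suffix is invalid")
        t = int(m["type"])
        c = int(m["code"]) if m["code"] is not None else None
        if not 0 <= t <= 255 or (c is not None and not 0 <= c <= 255):
            raise ValueError(f"ICMP type/code out of range: {t}/{c}")
        return PortObject(name, proto, icmp_type=t, icmp_code=c)
    return PortObject(name, proto)  # bare protocol that uses no ports


def is_valid_port_object(text: str) -> bool:
    """True if the string parses as a consistent port object."""
    try:
        parse_port_object(text)
        return True
    except ValueError:
        return False


def check_rule_ports(source: List[PortObject], destination: List[PortObject]) -> List[str]:
    """Return the guide's stated port-condition violations for a rule (empty list means OK).

    Constraints modelled: source port conditions accept only TCP or UDP; when both
    source and destination port conditions are set they must not mix transport
    protocols; and a condition whose objects span both TCP and UDP cannot be
    combined with a port condition on the other side.
    """
    problems: List[str] = []
    for po in source:
        if po.protocol not in TRANSPORT:
            problems.append(
                f"source port condition uses {po.name}({po.protocol}); only TCP or UDP is allowed"
            )
    if source and destination:
        src = {po.protocol for po in source if po.protocol in TRANSPORT}
        dst = {po.protocol for po in destination if po.protocol in TRANSPORT}
        if len(src) > 1 or len(dst) > 1:
            problems.append(
                "a port condition mixing TCP and UDP cannot be combined with a port condition on the other side"
            )
        elif src and dst and src != dst:
            problems.append("source and destination port conditions use different transport protocols")
    return problems


if __name__ == "__main__":
    # Constructed sample rule: SSH sources talking to DNS destinations mixes TCP and UDP.
    ssh, dns = parse_port_object("TCP(6)/22"), parse_port_object("UDP(17)/53")
    for problem in check_rule_ports([ssh], [dns]):
        print("rule would not apply:", problem)
```

The checker deliberately reports only what the guide states: a mixed TCP/UDP object on one side with any port condition on the other, a non-TCP/UDP source protocol, and TCP on one side with UDP on the other. A mixed object used alone as a source condition passes, which matches the text.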
To create a port object:
Access: Admin/Access Admin/Network Admin
Step 1
Select Objects > Object Management.
The Object Management page appears.
Step 2
Under Port, select Individual Objects.