Cisco Cisco FirePOWER Appliance 8130
5-31
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with Variable Sets
When you modify a custom variable set used by an intrusion policy in an access control policy, the
system reflects the status for that policy as out-of-date on the Access Control page. You must reapply
the access control policy to implement changes in your variable set. When you modify the default set,
the system reflects the status of all access control policies that use intrusion policies as out-of-date, and
you must reapply all access control policies to implement your changes.
See the following sections for information:
• To link a variable set other than the default set to an access control rule, see the procedure in
• To link a variable set other than the default set to the default action of an access control policy, see
• To apply access control policies, including policies that link variable sets to intrusion policies, see
Understanding Advanced Variables
License: Protection
Advanced variables allow you to configure features that you cannot otherwise configure via the web
interface. The FireSIGHT System currently provides only two advanced variables, and you can only edit
the USER_CONF advanced variable.
USER_CONF
USER_CONF provides a general tool that allows you to configure one or more features not
otherwise available via the web interface.
Caution
Do not use the advanced variable USER_CONF to configure an intrusion policy feature unless you are
instructed to do so in the feature description or by Support. Conflicting or duplicate configurations will
halt the system.
When editing USER_CONF, you can type up to 4096 total characters on a single line; the line wraps
automatically. You can include any number of valid instructions or lines until you reach the 8192
maximum character length for a variable or a physical limit such as disk space. Use the backslash
(\) line continuation character after any complete argument in a command directive.
Resetting USER_CONF empties it.
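The following pre-check is an added example, not part of the Cisco guide or the FireSIGHT System: it lints a USER_CONF draft against the 4096-character line limit and the 8192-character variable limit, joins backslash continuations, and flags repeated instructions before you paste the text into the web interface. The function name, the placeholder directive text, and the rules that newlines count toward the total and that a "duplicate" is an exact repeat after whitespace normalization are assumptions.

```python
MAX_LINE = 4096    # per-line limit stated in the guide
MAX_TOTAL = 8192   # per-variable limit stated in the guide

# Constructed sample; "example_directive" is a placeholder, not a real directive.
SAMPLE = (
    "example_directive alpha \\\n"
    "    beta\n"
    "example_directive gamma\n"
    "example_directive alpha beta\n"
)

def lint_user_conf(text):
    """Return (line_number, message) findings; line 0 means the whole variable."""
    findings = []
    # Assumption: every character, newlines included, counts toward the total.
    if len(text) > MAX_TOTAL:
        findings.append((0, f"total length {len(text)} exceeds {MAX_TOTAL}"))
    seen, parts, start = {}, [], 0
    for no, raw in enumerate(text.split("\n"), 1):
        if len(raw) > MAX_LINE:
            findings.append((no, f"line length {len(raw)} exceeds {MAX_LINE}"))
        line = raw.rstrip()
        if not parts:
            if not line:
                continue              # blank line between instructions
            start = no                # first physical line of this instruction
        if line.endswith("\\"):
            parts.append(line[:-1])   # continuation: keep collecting
            continue
        parts.append(line)
        # Collapse whitespace so wrapped and unwrapped forms compare equal.
        logical = " ".join(" ".join(parts).split())
        parts = []
        if logical in seen:
            findings.append((start, f"duplicate of instruction at line {seen[logical]}"))
        else:
            seen[logical] = start
    if parts:
        findings.append((start, "continuation backslash with no following line"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_user_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

An empty result means only that the draft passed these checks; it does not detect a conflict with a setting already configured elsewhere in the intrusion policy.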
SNORT_BPF
SNORT_BPF is a legacy advanced variable that appears only when it was configured on your system
in a FireSIGHT System software release before Version 5.3.0 that you subsequently upgraded to
Version 5.3.0 or greater. You can only view or delete this variable. You cannot edit it or recover it
after deleting it.
This variable allowed you to apply a Berkeley Packet Filter (BPF) to filter traffic before it reached
the system. You should now use access control rules instead of this variable to enforce the filtering
once offered by SNORT_BPF. This variable appears only with configurations that existed before
system upgrade.