Cisco Firepower Management Center 2000
FireSIGHT System User Guide
Chapter 14 Understanding and Writing Access Control Rules
Working with Different Types of Conditions
To add network conditions to an access control rule:
Access: Admin/Access Admin/Network Admin
Step 1
Select the Networks tab on the rule Edit page.
The Networks page appears.
Step 2
Optionally, click the Search by name or value prompt above the Available Networks list, then type a name or value.
The list updates as you type to display matching conditions. See for more information.
Step 3
Click a condition in the Available Networks list. Use the Shift and Ctrl keys to select multiple conditions, or right-click and then click Select All.
Conditions you select are highlighted.
Step 4
You have the following choices:
• To filter traffic by source network, click Add to Source.
• To filter traffic by destination network, click Add to Destination.
Alternatively, you can drag and drop selected conditions into the Source Networks or Destination Networks list.
Conditions you selected are added. Note that you can add the same condition as both a source network and a destination network.
Step 5
Optionally, click the add icon above the Available Networks list to add an individual network object.
You can add multiple IP addresses, CIDR blocks, and prefix lengths to each network object. Optionally, you can then select the object you added. See and for more information.
Step 6
Optionally, click the Enter an IP address prompt below the Source Networks or Destination Networks list; then type an IP address or address block and click Add.
The list updates to display your entry. See for more information.
Step 7
Save or continue editing the rule.
You must apply the access control policy for your changes to take effect; see .
Adding Geolocation Conditions
License: FireSIGHT
Supported Devices: Series 3, Virtual, ASA FirePOWER
Supported Defense Centers: Any except DC500
The geolocation feature of the FireSIGHT System identifies the source and destination geographical locations (countries and continents) of traffic on your monitored network. To ensure you are using up-to-date geolocation data to filter your traffic, Cisco strongly recommends you regularly update the geolocation database (GeoDB) on your Defense Center. For information on GeoDB updates, see . For further information on the geolocation feature, see