Cisco FirePOWER Appliance 7110
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Configuring Policies
You can either display a generic Cisco-provided response page, or you can enter custom HTML. When
you enter custom text, a counter shows how many characters you have used. For a blocked session
custom page you can use up to 1353 characters; click-to-continue custom pages are limited to 1273
characters.
Note that HTTP response pages do not appear for traffic blocked because of a Security Intelligence
blacklist or an application detected based on a Secure Sockets Layer (SSL) certificate.
Tip
To quickly disable interactive blocking for all rules in an access control policy, display neither the
Cisco-provided page nor a custom page.
In each access control policy, you configure the response page for blocking and interactively blocking
rules separately. The rule action determines the page displayed to your users. For example, you could
display the Cisco-provided page to users whose sessions are blocked, but a custom page to users who
can click to continue. For detailed information on rule actions, see
.
Note that in rare cases, when a blocking rule is preceded by another rule that contains an application
condition, an HTTP response page may not appear even though the system successfully blocks traffic.
To configure HTTP response pages:
Access: Admin/Access Admin/Network Admin
Step 1 Select Policies > Access Control.
The Access Control page appears.
Step 2 Click the edit icon next to the access control policy you want to configure.
The policy Edit page appears.
Step 3 Select the HTTP Responses tab.
HTTP response page settings for the access control policy appear.
Step 4 For the Block Response Page and the Interactive Block Response Page, select responses from the drop-down lists. For each page, you have the following choices:
• To use a generic response, select Cisco-provided. You can click the view icon to view the HTML code for this page.
• To create a custom response, select Custom.
A pop-up window appears, pre-populated with Cisco-provided code that you can replace or modify. When you are done, save your changes. Note that you can edit a custom page by clicking the edit icon.
• To prevent the system from displaying an HTTP response page, select None. Note that selecting this option for interactively blocked sessions prevents users from clicking to continue.
Step 5 Click Save to save your configuration.
You must apply the access control policy for your changes to take effect. For more information, see