Cisco Cisco Firepower Management Center 4000
6-51
FireSIGHT System User Guide
Chapter 6 Managing Devices
Editing Device Configuration
To build or edit IPv4 fast-path rules:
Access: Admin/Network Admin
Step 1
Select Devices > Device Management.
The Device Management page appears.
Step 2
Next to the device where you want to add a fast-path rule, click the edit icon.
The Interfaces tab for that device appears.
Step 3
Click Device.
The Devices tab appears.
Step 4
Next to the Advanced section, click the edit icon.
The Advanced pop-up window appears.
Step 5
Click New IPv4 Rule to add a fast-path rule.
The New IPv4 Rule pop-up window appears.
Step 6
From the Domain drop-down list, select an inline set or passive security zone. See for more information.
Step 7
Use CIDR notation in the Initiator and the Responder fields to designate the IP addresses of initiators or responders whose packets should bypass further analysis.
Your rule matches packets from the designated initiators or packets to the designated responders. For information on using CIDR notation in the FireSIGHT System, see .
Step 8
Optionally, from the Protocol drop-down list, select the protocol on which you want the rule to act or select All to match traffic from any protocol on the list.
Step 9
Optionally, enter initiator and responder ports in the Initiator Port and the Responder Port fields to designate ports.
Tip
You can enter a comma-separated list of port numbers in each rule. You cannot use port ranges in IPv4 fast-path rules. Note that a blank port value is treated as Any.
If you also select the Bidirectional option, your filter criteria are narrowed to packets from those initiator ports or packets to those responder ports.
Step 10
Optionally, enter a VLAN ID in the VLAN field.
Your rule matches only traffic for that VLAN. Note that a blank VLAN value is treated as Any.
Step 11
Optionally, select the Bidirectional option to filter all traffic traveling between the specified initiator and responder IP addresses. Clear the option to filter only traffic from the specified initiator IP address to the specified responder IP address.
Step 12
Click Save.
The rule is added under Fast-Path Rules in the Advanced pop-up window. Although the rule is added, you must click Save again to save the rule. Note that your changes do not take effect until you apply the device configuration; see for more information.
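
Because a fast-path rule exempts matching traffic from further analysis, it is worth checking a draft rule before entering it. The following is an added example, not part of the Cisco guide or product: a Python pre-entry check that applies the field rules from Steps 7 through 11 (CIDR addresses, comma-separated ports with no ranges, blank port or VLAN treated as Any). The dict keys, the /16 breadth threshold, and the port and VLAN numeric ranges are assumptions made for this example.

```python
import ipaddress

MIN_PREFIX = 16  # assumed review threshold: flag networks broader than /16

def parse_ports(text):
    """Parse a comma-separated port list; blank means Any (returned as None)."""
    if not text.strip():
        return None
    ports = []
    for item in (p.strip() for p in text.split(",")):
        if "-" in item:  # the guide states port ranges cannot be used
            raise ValueError(f"port ranges are not allowed: {item!r}")
        if not item.isdigit() or not 1 <= int(item) <= 65535:
            raise ValueError(f"invalid port number: {item!r}")
        ports.append(int(item))
    return ports

def parse_vlan(text):
    """Blank means Any (None); otherwise an ID in the assumed 802.1Q range 1-4094."""
    text = text.strip()
    if not text:
        return None
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        raise ValueError(f"invalid VLAN ID: {text!r}")
    return int(text)

def review_rule(draft):
    """Validate one draft rule (dict of form-field strings); return (rule, warnings)."""
    rule, warnings = {}, []
    for field in ("initiator", "responder"):
        # Raises ValueError on anything that is not an IPv4 address or CIDR block.
        net = ipaddress.IPv4Network(draft[field].strip(), strict=False)
        rule[field] = net
        if net.prefixlen < MIN_PREFIX:
            warnings.append(f"{field} {net} is broader than /{MIN_PREFIX}")
    for field in ("initiator_port", "responder_port"):
        rule[field] = parse_ports(draft.get(field, ""))
    rule["vlan"] = parse_vlan(draft.get("vlan", ""))
    rule["bidirectional"] = bool(draft.get("bidirectional", False))
    if rule["initiator_port"] is None and rule["responder_port"] is None:
        warnings.append("no ports given: both port fields are treated as Any")
    return rule, warnings

# Constructed sample draft, not taken from any real deployment.
SAMPLE = {"initiator": "10.20.0.0/24", "responder": "192.0.2.10/32",
          "initiator_port": "", "responder_port": "443, 8443",
          "vlan": "", "bidirectional": False}

if __name__ == "__main__":
    rule, warnings = review_rule(SAMPLE)
    print(rule)
    for w in warnings:
        print("WARNING:", w)
```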