Cisco FirePOWER Appliance 8270
13-10
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Configuring Policies
To manage targeted devices in an access control policy:
Access: Admin/Access Admin/Network Admin
Step 1
Select Policies > Access Control.
The Access Control page appears.
Step 2
Click the edit icon next to the access control policy you want to configure.
The policy Edit page appears.
Step 3
Click the device targets link, then click Manage Targets.
The Manage Device Targets pop-up window appears.
Step 4
Optionally, click the Search prompt above the Available Devices list, then type a name.
The list updates as you type to display matching devices. You can click the clear icon to clear the list.
Step 5
Click the device or device group you want to add. Use Ctrl and Shift to select multiple devices.
Tip
You can also right-click an available device, then click Select All.
Step 6
Click Add to Policy.
Selected devices are added.
Tip
You can also drag and drop.
Step 7
Optionally, click the delete icon to delete a device from the list of selected devices; or, use the Ctrl and Shift keys to select multiple devices, right-click, then select Delete Selected.
Step 8
Click OK to save your configuration, or click Cancel to discard it.
If you click OK, your configuration is added to the policy and the policy Edit page appears.
Adding an HTTP Response Page
License: FireSIGHT
When an access control rule blocks a user’s HTTP request, what the user sees in a web browser depends on how you block the session. When choosing a rule action, select:
• Block or Block with reset if you want to deny the connection. A blocked session times out; the system resets Block with reset connections. However, for both blocking actions, you can override the default browser or server page with a custom page that explains that the connection was denied. The system calls this custom page an HTTP response page.
• Interactive Block or Interactive Block with reset if you want to display an HTTP response page that warns users, but also allows them to click a button to continue or refresh the page to load the originally requested site. Users may have to refresh after bypassing the response page to load page elements that did not load.