Cisco Cisco Firepower 4110 Security Appliance
You can export, edit, and import policies. The information of an exported policy is referred to as a template. A
template may also include baselines. For more information, see
Using Configuration Templates for Security
Policies, page 150
.
Before you configure a policy, ensure that you have configured the following:
•
The Classes that will be required to define the protected network segment. For more information,
see
Managing Classes, page 113
.
•
The Network Protection profiles—for more information see:
—
Configuring Signature Protection for Network Protection, page 123
—
Configuring BDoS Profiles for Network Protection, page 134
—
Configuring SYN Profiles for Network Protection, page 137
—
Configuring DNS Flood Protection Profiles for Network Protection, page 144
—
Configuring Out of State Protection Profiles for Network Protection, page 147
Caution:
When you configure the policy, APSolute Vision stores your configuration changes, but it does not
download your configuration changes to the device. To apply changes onto the device, you must activate the
configuration changes. Activating the latest changes is also referred to as Update Policies.
Caution:
When using the Radware DefensePro DDoS Mitigation SOAP interface, to remove a protection profile
from a Network Protection policy, you must enter the value none for the profile.
To configure a Network Protection policy
1.
In the Configuration perspective, select Network Protection > Network Protection Policies.
2.
Do one of the following:
—
To add an entry, click the (Add) button.
—
To edit an entry in the table, double-click the entry.
3.
Configure the Network Protection policy parameters, and then, click Submit.
4.
To activate your configuration changes on the device, click Update Policies (
).
Table 71: Network Protection Policy: General Parameters
Parameter
Description
Enabled
Specifies whether the policy is enabled.
Policy Name
The name of the Network Protection policy.
Maximum characters: 19
Maximum characters: 19
Caution:
The name must not include a comma (,).
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 122 of 281