Cisco Cisco Firepower 4110 Security Appliance
Table 72: Network Protection Policy: Classification Parameters
Parameter
Description
Priority
The unique priority of the Network Protection policy. The
highest value is the highest priority.
DefensePro processes each packet using one Network Protection policy. When
highest value is the highest priority.
DefensePro processes each packet using one Network Protection policy. When
there are multiple policies whose classification specification overlap, only the
policy with the highest Priority processes the packet.
Values:
Values:
•
0—Specifies that DefensePro automatically sets the priority by adding
10 to the highest existing value.
•
1–63,999
Default: 0
Caution:
DefensePro uses the specified Priority for all actions. That is, the
specified Priority takes precedence over all other Network Protection
parameters. For example, if you configure multiple policies that include the
same network addresses (sometimes referred to as overlapping policies),
DefensePro performs all actions according to the specified Priority, even if the
policies are configured for different directions.
Caution:
If a policy exists with a priority greater than or equal to 63,990,
you cannot create a new policy using APSolute Vision.
SRC Network
The IP address or predefined class object that defines the source of the packets
that the policy uses.
To specify any network, the field may contain the value any or be empty.
To specify any network, the field may contain the value any or be empty.
DST Network
The IP address or predefined class object that defines the destination of the
packets that the policy uses.
To specify any network, the field may contain the value any or be empty.
To specify any network, the field may contain the value any or be empty.
Direction
The direction of the traffic to which the policy relates. Values:
•
One Way—The protection applies to sessions originating from sources to
destinations that match the network definitions of the policy.
•
Two Way—The protection applies to sessions that match the network
definitions of the policy regardless of their direction.
Default: One Way
Context
The Context Group class that the policy uses.
Values:
Values:
•
A Context Group class displayed in the Classes tab
•
None
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 123 of 281