Cisco FirePOWER Appliance 8360
FireSIGHT System User Guide
Chapter 14 Understanding and Writing Access Control Rules
Creating and Editing Access Control Rules
Creating and Editing Access Control Rules
License: Any
An access control rule is simply a set of configurations and conditions that:
• qualifies network traffic
• specifies how and whether you further inspect and log traffic that matches those qualifications
• determines the traffic’s eventual flow
You create and edit access control rules from within an existing access control policy. Each rule belongs to only one policy.
Table 14-1 License Requirements for Access Control Rules

| To apply an access control policy that includes rules... | Add this license... | To one of these Defense Centers... | And enable it on one of these devices... |
|---|---|---|---|
| with zone, network, VLAN, or port conditions, or URL conditions that use literal URLs and URL objects only | Any | Any | Any, except Series 2 devices cannot perform URL filtering using literal URLs and URL objects, and ASA FirePOWER modules cannot match traffic using VLAN tag conditions |
| associated with intrusion policies, or file policies that do not perform malware detection or blocking | Protection | Any | Any, except Series 2 devices cannot perform Security Intelligence filtering |
| associated with file policies that perform malware detection or blocking | Malware | Any except DC500 | Series 3, Virtual, X-Series, ASA FirePOWER |
| with application or user conditions | Control | Any, except the DC500 cannot perform user control | Series 3, Virtual, X-Series, ASA FirePOWER |
| with geolocation conditions | FireSIGHT | Any except DC500 | Series 3, Virtual, ASA FirePOWER |
| with URL conditions that use URL category and reputation data | URL Filtering | Any except DC500 | Series 3, Virtual, X-Series, ASA FirePOWER |