Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide, Chapter 5: Managing Reusable Objects (page 5-27)
Working with Variable Sets
Step 6
Optionally, move items from the list of available networks or ports to the list of included or excluded items.
You can select one or more items and then drag and drop, or click Include or Exclude. Use the Ctrl and Shift keys to select multiple items.
Tip
If addresses or ports in the included and excluded lists for a network or port variable overlap, the excluded addresses or ports take precedence.
Step 7
Optionally, enter a single literal value, then click Add.
For network variables, you can enter a single IP address or address block. For port variables, you can add a single port or a port range, separating the lower and upper values with a hyphen (-).
Repeat this step as needed to enter multiple literal values.
Step 8
Click Save to save the variable. If you are adding a new variable from a custom set, you have the following options:
• Click Yes to add the variable using the configured value as the customized value in the default set and, consequently, as the default value in other custom sets.
• Click No to add the variable with the default value of any in the default set and, consequently, in other custom sets.
Step 9
When you have finished making changes, click Save to save the variable set, then click Yes.
Your changes are saved, and any access control policy the variable set is linked to displays an out-of-date status. For your changes to take effect, you must apply the access control policy in which the variable set is linked to an intrusion policy; see
Working with Network Variables
License: Protection
Network variables represent IP addresses you can use in intrusion rules that you enable in an intrusion policy, and in intrusion policy rule suppressions, dynamic rule states, and adaptive profiles. Network variables differ from network objects and network object groups in that network variables are specific to intrusion policies and intrusion rules, whereas you can use network objects and groups to represent IP addresses in various places in the system's web interface, including access control policies, network variables, intrusion rules, network discovery rules, event searches, reports, and so on. See
You can use network variables in the following configurations to specify the IP addresses of hosts on your network:
• intrusion rules
Intrusion rule Source IPs and Destination IPs header fields allow you to restrict packet inspection to the packets originating from or destined to specific IP addresses. See
• suppressions
The Network field in source or destination intrusion rule suppressions allows you to suppress intrusion event notifications when a specific IP address or range of IP addresses triggers an intrusion rule or preprocessor. See
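The following is an added example, not code from the FireSIGHT product or this guide. It models the include/exclude semantics from Steps 6 through 9 above (exclusions take precedence on overlap, hyphenated port ranges, an empty list meaning any) and then evaluates a Snort-style rule header against a packet, which is how the Source IPs and Destination IPs header fields described above restrict inspection. The header syntax (`alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS`), the sample variable values, the packets, and every class and function name here are assumptions made for the illustration.

```python
"""Added example: network/port variables with included and excluded lists,
and a Snort-style rule header evaluated against a packet. Not FireSIGHT
code; the header syntax and all names are assumptions for illustration."""
import ipaddress
from typing import Dict, Iterable, List, Tuple


class NetworkVariable:
    """IP literals (single addresses or CIDR blocks). An empty included
    list means 'any', the default a new variable gets in the default set."""

    def __init__(self, included: Iterable[str] = (), excluded: Iterable[str] = ()):
        self.included = [ipaddress.ip_network(n, strict=False) for n in included]
        self.excluded = [ipaddress.ip_network(n, strict=False) for n in excluded]

    def matches(self, value: str) -> bool:
        addr = ipaddress.ip_address(value)
        # On overlap the excluded entry wins, so exclusions are tested first.
        if any(addr in net for net in self.excluded):
            return False
        return not self.included or any(addr in net for net in self.included)

    def overlaps(self) -> List[Tuple[object, object]]:
        """Included/excluded pairs that overlap: a pre-save sanity check for
        exclusions that silently carve hosts out of an included block."""
        return [(i, e) for i in self.included for e in self.excluded if i.overlaps(e)]


def parse_port_literal(text: str) -> range:
    """'80' -> range(80, 81); '8000-8080' -> range(8000, 8081).
    Rejects reversed bounds and values outside 0-65535."""
    lo, sep, hi = text.strip().partition("-")
    low = int(lo)
    high = int(hi) if sep else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port literal: {text!r}")
    return range(low, high + 1)


class PortVariable:
    """Port literals: single ports or hyphenated ranges. Empty included = any."""

    def __init__(self, included: Iterable[str] = (), excluded: Iterable[str] = ()):
        self.included = [parse_port_literal(p) for p in included]
        self.excluded = [parse_port_literal(p) for p in excluded]

    def matches(self, value: int) -> bool:
        if any(value in r for r in self.excluded):
            return False
        return not self.included or any(value in r for r in self.included)


def _field_matches(token: str, value, variables: Dict[str, object]) -> bool:
    """A header field is 'any' or a $VARIABLE reference (assumed syntax)."""
    if token == "any":
        return True
    if token.startswith("$"):
        return variables[token[1:]].matches(value)
    raise ValueError(f"unsupported header field: {token!r}")


def rule_header_matches(header: str, packet: dict, variables: Dict[str, object]) -> bool:
    """Evaluate 'action proto src_ip src_port -> dst_ip dst_port' against a
    packet dict with keys proto, src_ip, src_port, dst_ip, dst_port."""
    _action, proto, src_ip, src_port, arrow, dst_ip, dst_port = header.split()
    if arrow != "->":
        raise ValueError("only the '->' direction is modelled here")
    return (proto == packet["proto"]
            and _field_matches(src_ip, packet["src_ip"], variables)
            and _field_matches(src_port, packet["src_port"], variables)
            and _field_matches(dst_ip, packet["dst_ip"], variables)
            and _field_matches(dst_port, packet["dst_port"], variables))


# Constructed sample variable set (assumed values): HOME_NET excludes a lab
# subnet that sits inside an included block, so the exclusion wins there.
VARIABLES: Dict[str, object] = {
    "HOME_NET": NetworkVariable(["10.0.0.0/8", "192.168.1.0/24"], ["10.0.5.0/24"]),
    "EXTERNAL_NET": NetworkVariable(),  # no literals: 'any'
    "HTTP_PORTS": PortVariable(["80", "8000-8080"], ["8008"]),
}
RULE = "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS"


def demo() -> Dict[str, bool]:
    """Constructed packets run through the rule header above."""
    hit = dict(proto="tcp", src_ip="203.0.113.9", src_port=51000,
               dst_ip="10.1.2.3", dst_port=8080)
    excluded_host = dict(hit, dst_ip="10.0.5.7")   # in 10.0.0.0/8 but excluded
    excluded_port = dict(hit, dst_port=8008)       # in 8000-8080 but excluded
    not_home = dict(hit, dst_ip="172.16.0.1")      # in no included block
    return {
        "hit": rule_header_matches(RULE, hit, VARIABLES),
        "excluded_host": rule_header_matches(RULE, excluded_host, VARIABLES),
        "excluded_port": rule_header_matches(RULE, excluded_port, VARIABLES),
        "not_home": rule_header_matches(RULE, not_home, VARIABLES),
    }


if __name__ == "__main__":
    print(demo())
    print("overlapping HOME_NET entries:", VARIABLES["HOME_NET"].overlaps())
```

The `overlaps()` check is the practical takeaway from the Tip: because an excluded entry always wins, an exclusion that overlaps an included block removes those hosts from inspection for every rule that references the variable, which is worth confirming before clicking Save on a custom set.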