для Cisco Cisco Firepower Management Center 4000
23-10
FireSIGHT System User Guide
Chapter 23 Using Layers in an Intrusion Policy
Configuring User Layers
enable or disable sharing a
layer in your policy with
other policies
layer in your policy with
other policies
click the name of the layer in the navigation panel and select or clear the
Sharing
check box, then
click
Back
to return to the Policy Layer summary page.
Note that to disable sharing a layer that is in use in another policy, you must first delete the layer
from the other policy or delete the other policy.
from the other policy or delete the other policy.
move a layer above or
below another layer
below another layer
click anywhere inside the layer summary and drag until the position arrow ( ) points to a line
above or below a layer where you want to move the layer.
above or below a layer where you want to move the layer.
The screen refreshes and the layer appears in the new location.
manage rules or modify
advanced setting
configurations in a layer
advanced setting
configurations in a layer
click the edit icon (
) for the layer.
The Layer summary page for the layer appears. From this page you can display a layer-filtered
view of the intrusion policy Rule page, enable, disable, or inherit advanced settings in the layer,
and access advanced setting configuration pages in the layer. See
view of the intrusion policy Rule page, enable, disable, or inherit advanced settings in the layer,
and access advanced setting configuration pages in the layer. See
for more information.
Note that when you add a layer and enable an advanced setting in the new layer, the advanced
setting configuration options are initially set to the default settings in the base policy.
setting configuration options are initially set to the default settings in the base policy.
merge a layer into the next
layer beneath it
layer beneath it
click the merge icon (
) for the layer you want to merge, then click
OK
when prompted or click
Cancel
to abandon the merge.
The page refreshes and the layer is merged with the layer beneath it.
A merged layer retains all settings that were unique to either layer, and accepts the settings from
the higher layer if both layers included settings for the same rule or advanced setting. The
merged layer retains the name of the lower layer.
the higher layer if both layers included settings for the same rule or advanced setting. The
merged layer retains the name of the lower layer.
In the policy where you created a shared layer that you have added to other policies, you can
merge an unshared layer immediately above the shared layer with the shared layer, but you
cannot merge the shared layer with an unshared layer beneath it.
merge an unshared layer immediately above the shared layer with the shared layer, but you
cannot merge the shared layer with an unshared layer beneath it.
In a policy where you have added a shared layer that you created in another policy, you can
merge the shared layer into an unshared layer immediately beneath it and the resulting layer is
no longer shared; you cannot merge an unshared layer above the shared layer into the shared
layer.
merge the shared layer into an unshared layer immediately beneath it and the resulting layer is
no longer shared; you cannot merge an unshared layer above the shared layer into the shared
layer.
copy a layer
click the copy icon (
) of the layer you want to copy.
The page refreshes and a copy of the layer appears as the highest layer. Note that copying a
shared layer creates an unshared copy which, optionally, you can then identify as a layer that
can be shared with other policies.
shared layer creates an unshared copy which, optionally, you can then identify as a layer that
can be shared with other policies.
delete a layer
click the delete icon (
) for the layer you want to delete and then click
OK
at the prompt, or
click
Cancel
if you decide not to delete the layer.
The page refreshes and the layer is deleted.
Note that you cannot delete a layer with sharing enabled if the layer is in use by another policy.
Note also that you can delete the initial My Changes layer if it is unshared or if sharing is
allowed but it has not been added to any other intrusion policies.
Note also that you can delete the initial My Changes layer if it is unshared or if sharing is
allowed but it has not been added to any other intrusion policies.
display the Policy
Information page
Information page
click
Policy Summary
.
for an explanation of the actions you can take from
the Policy Information page.
Table 23-3
Policy Layer Configuration Actions (continued)
To...
You can...