Cisco Cisco Firepower Management Center 2000

Any

Series 3, 3D9900

Fast-path rules send traffic to the fast-path (out of the interface) or into the device for further analysis. 
You can use the following criteria to select the IPv6 traffic you want to divert to the fast-path and not 
inspect:

initiator or responder IP address or address block

protocol

initiator or responder port, for TCP or UDP protocols

VLAN ID

bidirectional option

Note that the outermost VLAN ID is used for fast-path rules.

To edit an existing fast-path rule, click the edit icon (

) next to the rule.

Admin/Network Admin

Select 

.

The Device Management page appears.

Next to the device where you want to add a fast-path rule, click the edit icon (

).

The Interfaces tab for that device appears.

Click 

.

The Devices tab appears.

Next to the 

 section, click the edit icon.

The Advanced pop-up window appears.

Click 

 to add a fast-path rule.

The New IPv6 Rule pop-up window appears. Note that the initiator and responder fields are fixed and 
indicate that the filter applies to IPv6 packets from any initiator or responder.

From the 

 drop-down list, select an inline set or passive security zone. See 

 for more information.

Type IP addresses or use IPv6 prefix length notation to specify address blocks in the 

 and the 

 fields for the IP addresses of initiators or responders whose packets should bypass further 

analysis.

Your rule matches packets from the designated initiators or packets to the designated responders. For 
information on using IPv6 prefix length notation in the FireSIGHT System, see 

.

Optionally, from the 

 drop-down list, select the protocol on which you want the rule to act or 

select 

 to match traffic from any protocol on the list.

Your fast-path rule matches only the selected protocol’s packets.