topic Hi , in Network Security

Best Practice to create Access Control Policy

n.avramenko87 — Tue, 12 Mar 2019 13:07:47 GMT

Hello Friends! I need an advice.How better to create rules for access control policy? I had not practice.
How I do that.
1.Policies -> access control -> Here create My Policy
2.In my new policy I can create different rules, which can either block or allow.
For example I have rule 1 (it inspect my network use intrusion policy and inspect files).
rule2 - I want to deny access one of my computer to sait.I use BLOCK action and it works!

Is it right to use rules or maybe i do it wrong?

P.S. I used the follow structure of the network:
WAN - ASA - FIREPOWER - LAN (asa and firepower work separately, i do not use modules for asa, i have firepower and fire sight)
Thank you!

Hello!Trying to understand.I

n.avramenko87 — Fri, 09 Sep 2016 12:28:08 GMT

Hello!Trying to understand.
I have problems with 2 rules (rule 2 and rule 4). Rule 2 must block sites for one computer.And rule 4 must block utorrent.
Rule 4 is working. But rule 2 is not working (it working only if rule 4 disabled). What I do not right? Thank you!

Hi ,

Aastha Bhardwaj — Fri, 09 Sep 2016 12:36:15 GMT

Hi ,

I would suggest you to create Block statement on top because it is specific to 1 PC , the rules are matched from top to bottom , so if the rule matches first it wont even look for other rules . So more specific rules should be places on top and then followed by generic rules.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Hi ,

Aastha Bhardwaj — Fri, 09 Sep 2016 12:39:30 GMT

Hi , Rule 2 has URL's in it you should add only the name as in google.com instead of http and https in there . Regards, Aastha Bhardwaj Rate if that helps!!!

Thank you for your time! I

n.avramenko87 — Fri, 09 Sep 2016 13:41:13 GMT

Thank you for your time! I try to change names of sites, but it is not working.

But if I disabled rule 4 (must block utorrent) - rule 2 start to work. And computers do not have an access to this sites. Thank you!!!

I add my policy.

Hello,

sebrjohnson — Fri, 09 Sep 2016 13:50:31 GMT

Hello,

Are there any errors beside your rules when you have them in the order that they are in? (Yellow Triangle with explanation point)?

Also, have you tried switching those two rules spots, to see if that would affect the top - down matching criteria.

O! I have not errors. And i

n.avramenko87 — Fri, 09 Sep 2016 14:09:01 GMT

O! I have not errors. And i tryed to interchange the position of rules. And no effect.

Since Rule 4 works and rule

sebrjohnson — Fri, 09 Sep 2016 14:24:12 GMT

Since Rule 4 works and rule two doesn't;

Try removing the all the filters on rule two except the URLs that you don't want to access. Do you want them to be an "interactive block"?

=Rule2= "any""any", then URLs, and Block

Thank you! Now it is ok! But

n.avramenko87 — Fri, 23 Sep 2016 08:48:48 GMT

Hello! I need an advice.

I have access policy and I do not know use it right or not?

Is it need to add rule with INTRUSION POLICY or it will be used as default (default action)?

And I want to detect files. Do I need to use it as a individual rule. Or I need to use it with intrusion policy? (7)

Thank you!!!