topic Re: FMC warning in Network Security

FMC warning

benolyndav — Mon, 28 Mar 2022 08:51:28 GMT

So this morning I have created a new access control rule on Firepower and when I selected the intrusion policy I now see the below warning is can I still proceed with the new rule or could this cause issues.??

Snort 2 and Snort 3 version of this policy are not the same. Please make sure that any customizations are maintained independently.

Re: FMC warning

Karsten Iwen — Mon, 28 Mar 2022 09:11:26 GMT

You can proceed here, but you should think about if it's relevant for you.

Managed by FMC, you could have Firewalls running Snort2 and you could have Firewalls running Snort3. If you apply an intrusion policy where the Snort2 and Snort3-settings differ, the protection will be different.

Re: FMC warning

benolyndav — Mon, 28 Mar 2022 09:41:54 GMT

We upgraded the FMC to 7.0.1 but havent upgraded the FTD's yet our FTD's are running snort 2 I have checked so both same version could it cause issues if new access control rules are created.??

thanks

Re: FMC warning

benolyndav — Mon, 28 Mar 2022 11:37:12 GMT

Hi
found this link from FMC page looks like its ok .??

Snort version per Firepower Threat Defense—The Snort inspection engine is Firepower Threat Defense (FTD) specific and not Firepower Management Center (FMC) specific. FMC can manage several FTDs, each with either versions of Snort (Snort 2 and Snort 3). Although the FMC's intrusion policies are unique, the system applies Snort 2 or Snort 3 version of an intrusion policy for intrusion protection depending on the device's selected inspection engine. For more information on the inspection engine on the device, see Enable and Disable Snort 3.

Re: FMC warning

Karsten Iwen — Mon, 28 Mar 2022 11:44:05 GMT

Yes, just go ahead with your deployment. While still running Snort2, nothing will change. But when you later move to Snort3, you should make sure that your Intrusion policy is also implemented for that Snort version.