topic Re: Bypassing Security Intelligence for a specific ACP entry in Network Security

Bypassing Security Intelligence for a specific ACP entry

Ditter — Mon, 25 Dec 2023 09:29:44 GMT

Hi,

is there a way to bypass SI for a specific ACP entry?

As i see it , security intelligence binds to the ACP as a whole.

But is there any way that an ACP entry to bypass the check of the security intelligence?

Thanks,

Ditter

Re: Bypassing Security Intelligence for a specific ACP entry

balaji.bandi — Mon, 25 Dec 2023 09:52:37 GMT

check below guide :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212321-clarify-the-firepower-threat-defense-acc.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security_intelligence_blacklisting.html#ID-2192-00000005

Re: Bypassing Security Intelligence for a specific ACP entry

MHM Cisco World — Mon, 25 Dec 2023 10:26:25 GMT

Add new entry in ACP and action is trust' this make specific traffic bypass all Snort include SI.

MHM

Re: Bypassing Security Intelligence for a specific ACP entry

Ditter — Mon, 25 Dec 2023 15:35:23 GMT

Thanks for the suggestion. I thought about this trust relationship, but what i want is a specific vlan to be checked against the ACP but now checked against SI. If i have this vlan in trust relationship it will not be checked against the ACP policy rules.

Can we check a vlan against SI but not bypass the ACP rules?

Ditter

Re: Bypassing Security Intelligence for a specific ACP entry

mitchelhorstone — Mon, 25 Dec 2023 15:52:23 GMT

Engaging in activities that circumvent security measures without authorization can have serious consequences and may violate ethical and legal standards.

Re: Bypassing Security Intelligence for a specific ACP entry

MHM Cisco World — Tue, 26 Dec 2023 06:27:14 GMT

this flow' there is no other than ACP trust can make specific vlan bypass SI and all snort.

Remember we talk about l3-l4 so only prefilter and acp can do that.

MHM

Re: Bypassing Security Intelligence for a specific ACP entry

Marvin Rhoads — Tue, 26 Dec 2023 11:39:03 GMT

You would have to allow the traffic via a prefilter rule (or set of rules).

What is the reason behind not wanting SI to apply?

Re: Bypassing Security Intelligence for a specific ACP entry

Ditter — Tue, 26 Dec 2023 16:26:36 GMT

Thanks for the answer.

I want to have a test vlan so that it can bypass the SI in order to check the results (or not) of the SI.

Re: Bypassing Security Intelligence for a specific ACP entry

Ditter — Wed, 27 Dec 2023 14:39:41 GMT

I was thinking about nested ACPs. As i see SI is an inherited feature so if i used inheritance could i do that?