topic Excluding Specific Traffic from Firepower Inspection in Network Security https://community.cisco.com/t5/network-security/excluding-specific-traffic-from-firepower-inspection/m-p/5233647#M1118025 <P>Hello,</P><P>Regarding the ASA5525 with the FirePower module I am using, the following configuration exists in the service policy rules:</P><P>-------------</P><P>class-map Internal-class<BR />match any</P><P>policy-map Internal-policy<BR />class Internal-class<BR />sfr fail-open</P><P>service-policy Internal-policy interface Internal</P><P>---------</P><P>I believe all traffic passing through the Internal interface is being inspected by Firepower. However, I would like to configure it so that specific traffic is excluded from Firepower inspection.</P><P>To achieve this, I attempted to add a rule to the Internal Policy in the ASDM's Service Policy Rules. I defined a class to specify the traffic but wasn’t sure what to configure under "Rule Actions."</P><P>I proceeded without setting any Rule Actions, but it didn’t work as expected.</P><P>Could you provide some advice?</P><P>Best regards,<BR /><BR /></P> Sat, 07 Dec 2024 01:33:49 GMT Samechine 2024-12-07T01:33:49Z Excluding Specific Traffic from Firepower Inspection https://community.cisco.com/t5/network-security/excluding-specific-traffic-from-firepower-inspection/m-p/5233647#M1118025 <P>Hello,</P><P>Regarding the ASA5525 with the FirePower module I am using, the following configuration exists in the service policy rules:</P><P>-------------</P><P>class-map Internal-class<BR />match any</P><P>policy-map Internal-policy<BR />class Internal-class<BR />sfr fail-open</P><P>service-policy Internal-policy interface Internal</P><P>---------</P><P>I believe all traffic passing through the Internal interface is being inspected by Firepower. However, I would like to configure it so that specific traffic is excluded from Firepower inspection.</P><P>To achieve this, I attempted to add a rule to the Internal Policy in the ASDM's Service Policy Rules. I defined a class to specify the traffic but wasn’t sure what to configure under "Rule Actions."</P><P>I proceeded without setting any Rule Actions, but it didn’t work as expected.</P><P>Could you provide some advice?</P><P>Best regards,<BR /><BR /></P> Sat, 07 Dec 2024 01:33:49 GMT https://community.cisco.com/t5/network-security/excluding-specific-traffic-from-firepower-inspection/m-p/5233647#M1118025 Samechine 2024-12-07T01:33:49Z Re: Excluding Specific Traffic from Firepower Inspection https://community.cisco.com/t5/network-security/excluding-specific-traffic-from-firepower-inspection/m-p/5233649#M1118027 <P><A href="https://integratingit.wordpress.com/2022/06/11/asa-firepower-module/" target="_blank">https://integratingit.wordpress.com/2022/06/11/asa-firepower-module/</A></P> <P>Check this'&nbsp;</P> <P>What you need is add line under class deny specific traffic from pass through sfr</P> <P>MHM</P> Sat, 07 Dec 2024 01:54:06 GMT https://community.cisco.com/t5/network-security/excluding-specific-traffic-from-firepower-inspection/m-p/5233649#M1118027 MHM Cisco World 2024-12-07T01:54:06Z