https://community.cisco.com/t5/network-security/fmc/m-p/5278976#M1120495 <P>I don't know any "IDF" term in relation to FMC. </P> <P>In telecommunications, IDF is usually used to mean "Intermediate Distribution Frame" - a term used in building cabling.</P> Mon, 07 Apr 2025 13:31:30 GMT Marvin Rhoads 2025-04-07T13:31:30Z https://community.cisco.com/t5/network-security/fmc/m-p/5278972#M1120494 <P>I need a solution to suppress the IDF alert in FMC.&nbsp; Thanks</P> Mon, 07 Apr 2025 13:25:06 GMT https://community.cisco.com/t5/network-security/fmc/m-p/5278972#M1120494 anuoluwapo-bankole 2025-04-07T13:25:06Z https://community.cisco.com/t5/network-security/fmc/m-p/5278976#M1120495 <P>I don't know any "IDF" term in relation to FMC. </P> <P>In telecommunications, IDF is usually used to mean "Intermediate Distribution Frame" - a term used in building cabling.</P> Mon, 07 Apr 2025 13:31:30 GMT https://community.cisco.com/t5/network-security/fmc/m-p/5278976#M1120495 Marvin Rhoads 2025-04-07T13:31:30Z https://community.cisco.com/t5/network-security/fmc/m-p/5278977#M1120496 <P><A target="_blank" rel="noopener">@Marvin Rhoads</A>, I am so sorry.&nbsp;I meant IDS Alert</P> Mon, 07 Apr 2025 13:34:45 GMT https://community.cisco.com/t5/network-security/fmc/m-p/5278977#M1120496 anuoluwapo-bankole 2025-04-07T13:34:45Z https://community.cisco.com/t5/network-security/fmc/m-p/5279036#M1120502 <P>OK, for IDS then, see below.</P> <P>In general, you should carefully consider why you want to suppress a rule and only proceed if you have a thorough understanding of the implications.</P> <P>Methods to Suppress IPS Rules:</P> <P>1. Adjust Rule State in Intrusion Policy:</P> <P><BR />Navigate to the Intrusion Policy in the FMC. Locate the specific IPS rule you want to suppress. <BR />Change the rule state to "Disabled" to stop processing the rule or "Generate Events" to only log events without blocking traffic. <BR />Alternatively, you can set the rule to "Drop and Generate Events" to both drop the traffic and generate an event.</P> <P>2. Create an Access Control Rule to Bypass Inspection:</P> <P>Create a new access control rule that matches the traffic you want to bypass IPS inspection for.</P> <P>Ensure the new rule is placed above the rule with the IPS policy configured. <BR />Set the action of the new rule to "Trust" or "Allow" to bypass inspection.</P> <P>3. Create a New IPS Policy with Disabled Rules:</P> <P>Create a new IPS policy with the specific rules disabled for the traffic you want to exempt.</P> <P>4. Create a new access control rule that references the new IPS policy.</P> <P>Set the action of the new access control rule to "Allow".</P> <P>Suppression and Thresholding:</P> <P>You can configure suppression and thresholding for specific IPS rules to control the number of events generated.</P> <P>This can help prevent the Firepower device from being overloaded with events during high-volume attacks. <BR />You can configure suppression based on source or destination IP addresses or networks. <BR />Thresholding allows you to define a limit on the number of events generated within a specific time interval.</P> Mon, 07 Apr 2025 16:18:29 GMT https://community.cisco.com/t5/network-security/fmc/m-p/5279036#M1120502 Marvin Rhoads 2025-04-07T16:18:29Z https://community.cisco.com/t5/network-security/fmc/m-p/5279845#M1120554 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;Thank you so much.&nbsp;</P> Wed, 09 Apr 2025 16:53:25 GMT https://community.cisco.com/t5/network-security/fmc/m-p/5279845#M1120554 anuoluwapo-bankole 2025-04-09T16:53:25Z