https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661768#M197359 <P>No it is not. Filter the traffic on the ASA and allow the permitted traffic to be inspected by Sourcefire.</P> Thu, 05 Feb 2015 02:03:33 GMT Collin Clark 2015-02-05T02:03:33Z https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661767#M197358 <P>I've got an ASA 5525-X with the SourceFire module that will be replacing a 5510. I've got the firewall ACLs from my existing ASA transferred to the new 5525-X and now I'm working on the initial configuration of the Sourcefire module. I've watched a demo video on configuring access rules and read some documentation. In the video I watched the person was controlling web access, etc... from the Sourcefire module. This seems to be the same thing I'm doing on the firewall side.<BR /><BR />What I'm wondering is if it's a good idea to duplicate the rules that I've got on the firewall side to the Sourcefire module and have them both places?</P><P>Thanks.</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:26:51 GMT https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661767#M197358 snowmizer 2019-03-12T05:26:51Z https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661768#M197359 <P>No it is not. Filter the traffic on the ASA and allow the permitted traffic to be inspected by Sourcefire.</P> Thu, 05 Feb 2015 02:03:33 GMT https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661768#M197359 Collin Clark 2015-02-05T02:03:33Z https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661769#M197360 <P>So I've got a network discovery policy in place where the default action is "Default Network Discovery". I know that I need to block traffic coming into our network based on geolocation. I can configure a rule to do that. But if I'm understanding correctly the default network discovery action will inspect all traffic as it comes into the ASA (providing I specify a service policy on the firewall side to redirect the traffic from all interfaces)? I would only need to configure a rule if I don't want to inspect traffic (e.g. traffic from our internal network to our DMZ) or if I want to do application or URL filtering?</P><P>In order to get the intrusion inspection however I need to configure a rule that will apply an intrusion policy to all traffic in my network discovery policy? I understand that I need to change the default variable set to match my network configuration for the IPS stuff to be effective.</P><P>From what I am understanding the security intelligence detection happens against the "Sourcefire Intelligence Feed" automatically as part of the network discovery policy?<BR />&nbsp;</P><P>Thanks.</P> Thu, 05 Feb 2015 14:00:35 GMT https://community.cisco.com/t5/network-security/configuring-sourcefire-access-rules/m-p/2661769#M197360 snowmizer 2015-02-05T14:00:35Z