topic Disable Security Intelligence on FTD Access Control Policy in Network Security

Disable Security Intelligence on FTD Access Control Policy

bgl-group — Fri, 21 Feb 2020 15:53:32 GMT

This might sound strange but I want to have a policy on a 2110 FTD Appliance that does not use Security Intelligence.

The firewall is an internal device that is used to screen PCI users from the rest of the network, as such it is not able to communicate with the outside world - so I don't need the DNS scannig features - also I haven't bought a threat license for the devices.

I have deleted the DNS Feeds but it still seems to want to use this.

Is it possible to remove the Security Intelligence section completely - or is this a way to force you to buy a threat policy for every firewall?

Thanks

Giles

Re: Disable Security Intelligence on FTD Access Control Policy

yogdhanu — Mon, 18 Jun 2018 12:46:22 GMT

Hi Giles,

You can't remove the Security intelligence tab/option. If you don't wish to use it, remove all the categories from blacklists which will make sure nothing is blocked by this feature.

For the DNS policy, use the default one and edit the policy and rules and disable both blacklist and whitelist.

Hope it helps,
Yogesh

Re: Disable Security Intelligence on FTD Access Control Policy

bgl-group — Mon, 18 Jun 2018 15:51:03 GMT

HI Yogesh

That almost completely worked, I don't have any license errors on the FTD policy but I now have the firewalls complaining that the feeds (which they are not using are out of date). Any idea on how to clear this one out (the firewalls were on eval before I licensed them). The only thing I can think is to remove the policies and this may cure the issue if I re-apply them. I think during eval they ran with all the features enabled.

Giles