https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867873#M990510 <P>Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.</P> Wed, 05 Jun 2019 05:10:26 GMT Marvin Rhoads 2019-06-05T05:10:26Z https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867794#M990509 <P>I'm new to Firepower. I'm migrating ASA FW Configuration to Firepower. We will be using FDM and not FMC.</P><P>&nbsp;</P><P>My Question is: Should I enable IPS and Malware in every single (allowed) Access Rule OR create a single Rule for IPS and Malware for all the allowed traffic. What is the recommended implementation.</P><P>&nbsp;</P><P>Thanks</P> Tue, 04 Jun 2019 23:58:04 GMT https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867794#M990509 sheikhrazib2766 2019-06-04T23:58:04Z https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867873#M990510 <P>Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.</P> Wed, 05 Jun 2019 05:10:26 GMT https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867873#M990510 Marvin Rhoads 2019-06-05T05:10:26Z https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867876#M990511 <P>Thanks Marvin</P> Wed, 05 Jun 2019 05:21:13 GMT https://community.cisco.com/t5/network-security/ips-and-malware-policy/m-p/3867876#M990511 sheikhrazib2766 2019-06-05T05:21:13Z