Solved: Re: Differences between IPS Policy and INLINE Set in FTD

drivera_ · ‎05-06-2019

Hi everybody,

I would like to know what's the difference between creating and IPS Policy and applying it to a rule, and creating and INLINE set pair between two interfaces. Is it necessary to do both things? I realized that I cannot create an INLINE Set pair between two subinterfaces, is it a FTD limitation? I'm a little confused, because I already created an IPS Policy and applied to a rule, but I'm not sure if it is enough for inspecting traffic.

Thank you so much for your help.

Ilkin · ‎05-14-2019

Configuring IPS policy and Inline set pair are two different things: When configured, IPS policy is applied to traffic that is matched by specific access control entry irrespective of interface mode, while Inline set is a way to configure IPS-only interfaces (more information about different interface modes and types is here: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/interface_overview_for_firepower_threat_defense.html).
Firepower 4100/9300 subinterfaces are also not supported for IPS-only interfaces.

View solution in original post

Ilkin · ‎05-14-2019

Configuring IPS policy and Inline set pair are two different things: When configured, IPS policy is applied to traffic that is matched by specific access control entry irrespective of interface mode, while Inline set is a way to configure IPS-only interfaces (more information about different interface modes and types is here: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/interface_overview_for_firepower_threat_defense.html).
Firepower 4100/9300 subinterfaces are also not supported for IPS-only interfaces.

drivera_ · ‎05-21-2019

Hello, Ilkin

Thank you so much for your answer and for your valious information. It's more clear now.