
IPS and Malware Policy

I'm new to Firepower. I'm migrating ASA FW Configuration to Firepower. We will be using FDM and not FMC.

 

My question is: should I enable IPS and Malware in every single (allowed) Access Rule, or create a single rule for IPS and Malware for all the allowed traffic? What is the recommended implementation?

 

Thanks

1 ACCEPTED SOLUTION


Re: IPS and Malware Policy

Access Control Policy rules are first match (except for Monitor action rules), so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (SSL/TLS, SSH, etc.) where we won't be able to inspect files anyway.
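The first-match behaviour described in the answer above, as an added example that is not part of the original post or Cisco's code: it models a rule base with a catch-all inspection rule at the bottom and lists the Allow rules that still pass traffic uninspected. The `Rule` structure, rule names, addresses and the `encrypted` flag are assumptions made for illustration, not the FDM export format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                 # "ALLOW", "BLOCK" or "MONITOR"
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # None means any port
    intrusion: bool = False     # intrusion policy attached to this rule
    file_policy: bool = False   # file/malware policy attached to this rule
    encrypted: bool = False     # admin-set: SSL/TLS or SSH, files not inspectable

def first_match(rules, dst_ip, port):
    """Return the rule that decides the connection, evaluated top to bottom.
    Monitor rules only log, so evaluation continues past them."""
    for rule in rules:
        if rule.action == "MONITOR":
            continue
        if ip_address(dst_ip) in ip_network(rule.dst) and rule.port in (None, port):
            return rule
    return None

def uninspected_allow_rules(rules):
    """Names of Allow rules missing an intrusion or file policy,
    skipping rules marked as carrying encrypted traffic."""
    return [r.name for r in rules
            if r.action == "ALLOW" and not r.encrypted
            and not (r.intrusion and r.file_policy)]

# Constructed rule base: the "single inspection rule" layout from the question.
RULES = [
    Rule("Monitor-All", "MONITOR", "0.0.0.0/0"),
    Rule("Allow-Web", "ALLOW", "192.0.2.0/24", 80),
    Rule("Allow-SSH-Mgmt", "ALLOW", "198.51.100.0/24", 22, encrypted=True),
    Rule("Inspect-Everything", "ALLOW", "0.0.0.0/0", intrusion=True, file_policy=True),
]

if __name__ == "__main__":
    hit = first_match(RULES, "192.0.2.10", 80)
    print(f"192.0.2.10:80 decided by {hit.name}: "
          f"intrusion={hit.intrusion}, file={hit.file_policy}")
    print("Allow rules needing policies:", uninspected_allow_rules(RULES))
```

Traffic to the web server is decided by `Allow-Web` and never reaches `Inspect-Everything`, which is why the policies have to be attached to each Allow rule.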


Re: IPS and Malware Policy

Thanks Marvin
