Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

341
Views
0
Helpful
2
Replies
sheikhrazib2766
sheikhrazib2766 Beginner
Beginner
‎06-04-2019 04:58 PM
‎06-04-2019 04:58 PM

IPS and Malware Policy

I'm new to Firepower. I'm migrating ASA FW Configuration to Firepower. We will be using FDM and not FMC.

 

My Question is: Should I enable IPS and Malware in every single (allowed) Access Rule OR create a single Rule for IPS and Malware for all the allowed traffic. What is the recommended implementation.

 

Thanks

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Marvin Rhoads
Hall of Fame Guru Marvin Rhoads Hall of Fame Guru
Hall of Fame Guru
‎06-04-2019 10:10 PM
‎06-04-2019 10:10 PM

Re: IPS and Malware Policy

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

View solution in original post

0 Helpful
Reply
2 REPLIES 2
Marvin Rhoads
Hall of Fame Guru Marvin Rhoads Hall of Fame Guru
Hall of Fame Guru
‎06-04-2019 10:10 PM
‎06-04-2019 10:10 PM

Re: IPS and Malware Policy

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

View solution in original post

0 Helpful
Reply
Highlighted
sheikhrazib2766
sheikhrazib2766 Beginner
Beginner
‎06-04-2019 10:21 PM
‎06-04-2019 10:21 PM

Re: IPS and Malware Policy

Thanks Marvin

0 Helpful
Reply
Latest Contents
The year in cyber threats: A look back at the tools and tact...
Created by Kelli Glass on 12-13-2019 03:37 PM
0
0
0
0
How would your organization perform against the cyberattacks of 2019? Protect your organization in 2020 by learning about the biggest cyberthreats of the year. Read the latest Cisco Cybersecurity Report 
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:19 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future.   Some cybercriminals have specific organizations in mind when they’re planning an attac... view more
#CiscoChat Live: 2019 Cyber Threats of the Year
Created by Kelli Glass on 12-13-2019 03:17 PM
0
0
0
0
Join us live on Tuesday, December 17 at 9 am PT (and on demand after) to learn about the cyber threats of 2019 and how to defend your organization in the future. Some cybercriminals have specific organizations in mind when they’re planning an attack. We l... view more
Stealthwatch Enterprise - what capabilities does it provide ...
Created by ben.greenbaum on 12-12-2019 11:27 AM
0
0
0
0
Threat Response integrates with Cisco Stealthwatch Enterprise (SWE) to provide Visibility into network threats. By adding an SWE module to Threat Response, investigators will be able to search for network flows to or from IP addresses that have been reco... view more
Monitoring Failover status (ASA Cluster, Active/Standby) by ...
Created by Oleg Volkov on 12-12-2019 02:26 AM
0
0
0
0
Hi.Want to know Failover cluster status? If You have PRTG do it in 5 min.Download my sensor.Deploy REST API to Your ASA,sAdd my sensor to PRTG and set parameters:In PRTG device settings add linux user and password (ASA user, which have read permissions)-u... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
FusionCharts will render here