Solved: IPS and Malware Policy

sheikhrazib2766 · ‎06-04-2019

I'm new to Firepower. I'm migrating ASA FW Configuration to Firepower. We will be using FDM and not FMC.

My Question is: Should I enable IPS and Malware in every single (allowed) Access Rule OR create a single Rule for IPS and Malware for all the allowed traffic. What is the recommended implementation.

Thanks

Marvin Rhoads · ‎06-04-2019

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

View solution in original post

Marvin Rhoads · ‎06-04-2019

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

sheikhrazib2766 · ‎06-04-2019

Thanks Marvin