FMC policy configuration problem

wupeifeng
Level 1

Hello, everyone,

I am confused about two FMC policy configuration problems.

Question one:

On the advanced config of the access control policy, as shown in the following figure:

When I choose this option, invoking the intrusion policy here, does that mean the intrusion policy takes effect on all traffic before the access control policy handles the traffic?

2018-07-18_22-38-41.png

Question two:

When the FTD interface is in routed or transparent mode, can this option take effect?

For example: when I choose this option, it drops traffic; otherwise it doesn't.

2018-07-18_22-40-12.png

I hope someone can answer my question, thanks.

Accepted Solutions

Raghunath Kulkarni
Cisco Employee

Hi,

Please find the answers inline to the questions.

A1: The option of intrusion policy before the access control policy is determined will be applicable for all the traffic that is coming to the device. If any of the incoming traffic matches the intrusion policy associated under this option, it will be dropped. Else it would go to access control policy and take action based on rule match.

A2: For any traffic that matches the intrusion policy unless the action "drop when inline" is not selected, the traffic will not be dropped. This is applicable to both routed mode as well as transparent mode.

In case if "drop when inline" is not selected, you would notice a lot of "would have dropped events".

Thanks for the reply, I clearly understand.