
Is there any way to see the content of FMC system provided access control policies?

m1xed0s
Spotlight

FMC by default provides multiple Access Control and Intrusion Prevention policies. Is there a way to view the content of the system-provided access control policies?

1 Accepted Solution

Raghunath Kulkarni
Cisco Employee

The default policies technically fall under three categories:

1. Action Based Access.
2. Network Discovery.
3. Intrusion Policies.

Under Action Based we have either "Trust" or "Block" all traffic. In both cases, we are not inspecting the traffic but either allowing it or blocking it.

Under Network Discovery, we are just fingerprinting the network traffic passing through the box. We allow the traffic in this case.

Lastly, with intrusion policy, it means we would allow the traffic if it does not trigger any signatures that are enabled as part of the profile. The signatures that are enabled as part of the policy can be seen via Policy --> Intrusion Policy.

4 Replies

Troy Jackson
Level 1

Depending on the system-provided base policy that is selected, the settings of the policy vary. To view the policy settings, click the Edit icon next to the policy and then click the Manage Base Policy link.

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/overview_of_network_analysis_and_intrusion_policies.html

Please remember to rate useful posts, by clicking on the star below.
-Troy J.

Thanks, but that's not what I am looking for. My bad. I clarified the post.

Cool.
