08-02-2018 06:10 AM - edited 02-21-2020 08:02 AM
FMC by default provide multiple Access Control and Intrusion Prevention policies. Is there a way to view the content of the system provided access control policies?
Solved! Go to Solution.
08-05-2018 08:34 PM
The default policies technically fall under three categories:
1. Action Based Access.
2. Network Discovery.
3. Intrusion Policies.
Under Action Based we have either "Trust" or "Block" all traffic. In both the case, we are not inspecting the traffic but either allowing it or blocking it.
Under Network Discovery, we are just fingerprinting the network traffic passing through the box. We allow the traffic in the case.
Lastly, with intrusion policy, it means we would allow the traffic if it does not trigger any signatures that are enabled as part of the profile. The signatures that are enabled as part of the policy can be seen via the Policy--> Intrusion Policy.
08-02-2018 10:38 AM
Depending on the system-provided base policy that is selected, the settings of the policy vary. To view the policy settings, click the Edit icon next to the policy and then click the Manage Base Policy link.
08-02-2018 11:08 AM
Thanks, but thats not what I am looking for. My bad. I clarified post.
08-05-2018 08:34 PM
The default policies technically fall under three categories:
1. Action Based Access.
2. Network Discovery.
3. Intrusion Policies.
Under Action Based we have either "Trust" or "Block" all traffic. In both the case, we are not inspecting the traffic but either allowing it or blocking it.
Under Network Discovery, we are just fingerprinting the network traffic passing through the box. We allow the traffic in the case.
Lastly, with intrusion policy, it means we would allow the traffic if it does not trigger any signatures that are enabled as part of the profile. The signatures that are enabled as part of the policy can be seen via the Policy--> Intrusion Policy.
08-07-2018 07:08 AM
Cool.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: