cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
306
Views
5
Helpful
1
Replies
Highlighted
Beginner

Cisco FirePower Recommendation Rules at IPS

Once an IPS Policy is created with FirePower Recommendations  , next day if there are any updates from Cisco for "FirePower Recommendations" does not it get applied to the Policy automatically ? or we need to update the "FirePower Recommendations" with  "Update Recommendations" option from the already created IPS Policy ?

 

Also what it does for " Recurring Rule Update Imports " at FMC >> System >> Updates Section ? Is it equivalent to .vrt  file  ?

1 REPLY 1
Hall of Fame Master

Re: Cisco FirePower Recommendation Rules at IPS

Once you have Generated (and Use) Firepower Recommendations in your Intrusion Policy, the system does not change them unless and until you choose to "Update Recommendations" manually or create a scheduled task to do so for you (and deploy policy afterwards). You would do the latter via System > Tools > Scheduling. Create a new task and choose job type "Firepower Recommended Rules".

The "Recurring Rule Updates" are indeed the vrt (Vulnerability Research Team) files which comprise the Snort Rule Updates (SRU).

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards