04-03-2020 01:48 PM - edited 04-03-2020 02:49 PM
We currently run the FMC 4500 and FTD 9300s, and I am currently working on a new Access Control Rule; however, I don't know that it is possible to create a dependency. Let me explain.
We have a particular service that listens on 80 and 443. I only want to allow 443 access if there is already an established 80 connection. Is it possible to create a dependency to either allow or deny based on if an existing connection on port 80 is already there?
*Edit* Instead of an access control rule, would it be Snort?
Thanks,
David
Labels: Other NAC
Accepted Solutions
04-03-2020 09:30 PM
I don't believe that's possible in the Firepower access control policy as the ACP entries are all processed top down with first match ending the rule processing (unless the action is "Monitor" but even that still doesn't have any parent-child type rule relationship).
That applies for both prefilter (traditional L4 5-tuple, no Snort) as well as ACP (L7) policies.
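To make the evaluation model in the accepted answer concrete, here is a small simulator of the top-down, first-match processing it describes, with a Monitor action that matches but lets processing continue. This is an added illustration, not Firepower code and not part of the original thread; the rule set, the `Conn` and `Rule` types and the `evaluate()` function are constructed for the example. The point it shows is that the decision is a function of the connection's own 5-tuple and the ordered rule list only: nothing about other existing connections (such as an established port 80 session) is an input, so a rule like "allow 443 only if 80 is already open" has nowhere to be expressed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed types for the illustration; real Firepower rules match on far
# more fields (zones, networks, ports, apps, URLs, users), but the processing
# model is the same: evaluate top down, stop at the first non-Monitor match.


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    dport: Optional[int]   # None means "any destination port"
    action: str            # "allow", "block" or "monitor"


# Constructed sample policy: a Monitor rule first, then two allows, then a block.
RULES: List[Rule] = [
    Rule("log-web", None, "monitor"),
    Rule("allow-80", 80, "allow"),
    Rule("allow-443", 443, "allow"),
    Rule("default-block", None, "block"),
]


def _matches(rule: Rule, conn: Conn) -> bool:
    """Match only on destination port for this toy model."""
    return rule.dport is None or rule.dport == conn.dport


def evaluate(rules: List[Rule], conn: Conn) -> Tuple[str, str, List[str]]:
    """Return (action, matching rule name, Monitor rules that also matched).

    Processing is top down.  A Monitor rule records the match and continues;
    the first Allow or Block match ends processing.  Note the signature: the
    only per-packet input is `conn`; there is no connection table argument,
    which is why no rule can depend on another connection being established.
    """
    monitored: List[str] = []
    for rule in rules:
        if not _matches(rule, conn):
            continue
        if rule.action == "monitor":
            monitored.append(rule.name)
            continue
        return rule.action, rule.name, monitored
    # No explicit match: model the policy's default action as block.
    return "block", "policy-default", monitored


if __name__ == "__main__":
    for port in (80, 443, 22):
        c = Conn("10.0.0.5", "10.0.0.1", port)
        print(port, evaluate(RULES, c))
```

Running the block shows 80 and 443 both hitting their Allow rules (with `log-web` recorded as a Monitor match on each) and 22 falling through to `default-block`, regardless of what other connections exist; whether a port 80 session is already open never changes the result for 443.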
