04-03-2020 01:48 PM - edited 04-03-2020 02:49 PM
We currently run the FMC 4500 and FTD 9300s, and I am currently working on a new Access Control Rule; however, I don't know that it is possible to create a dependency. Let me explain.
We have a particular service that listens on 80 and 443. I only want to allow 443 access if there is already an established 80 connection. Is it possible to create a dependency to either allow or deny based on if an existing connection on port 80 is already there?
*Edit* Instead of an access control rule, would it be Snort?
Thanks,
David
04-03-2020 09:30 PM
I don't believe that's possible in the Firepower access control policy as the ACP entries are all processed top down with first match ending the rule processing (unless the action is "Monitor" but even that still doesn't have any parent-child type rule relationship).
That applies for both prefilter (traditional L4 5-tuple, no Snort) as well as ACP (L7) policies.
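To make the distinction in the answer concrete, here is a small simulation added for this thread (it is not Cisco code and does not reproduce FMC/FTD internals). It models two things: a top-down, first-match rule list in which a "Monitor" rule logs but does not end processing, and a separate evaluator that does what the question asks for, allowing 443 only when an established 80 connection from the same source to the same destination already exists. The rule names, addresses and flows are constructed sample data. The point it shows is that the dependency needs state shared across flows, which a first-match rule list evaluates each connection without.

```python
"""First-match rule evaluation vs. a cross-flow dependency check.

Added illustration for the thread above; not Cisco code, and only a
simplified model of how an ordered access control list is processed.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    dport: Optional[int]   # None matches any destination port
    action: str            # "Allow", "Block" or "Monitor"


def evaluate_first_match(flow: Flow, rules: List[Rule]) -> Tuple[str, str, List[str]]:
    """Walk the rules top down; the first Allow/Block match ends processing.
    A Monitor rule records the match and keeps going. The flow is judged on
    its own 5-tuple; nothing about earlier or concurrent flows is consulted."""
    monitored: List[str] = []
    for rule in rules:
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        if rule.action == "Monitor":
            monitored.append(rule.name)
            continue
        return rule.action, rule.name, monitored
    return "Block", "default", monitored   # implicit default action


class DependencyEvaluator:
    """What the question asks for: permit the dependent port only while an
    established prerequisite-port connection exists between the same hosts.
    This requires a table of live connections shared across flows."""

    def __init__(self, prereq_port: int = 80, dependent_port: int = 443) -> None:
        self.prereq_port = prereq_port
        self.dependent_port = dependent_port
        self.established: Set[Tuple[str, str, int]] = set()

    def evaluate(self, flow: Flow) -> str:
        if flow.dport == self.prereq_port:
            verdict = "Allow"
        elif flow.dport == self.dependent_port:
            has_prereq = (flow.src, flow.dst, self.prereq_port) in self.established
            verdict = "Allow" if has_prereq else "Block"
        else:
            verdict = "Block"
        if verdict == "Allow":
            self.established.add((flow.src, flow.dst, flow.dport))
        return verdict

    def close(self, flow: Flow) -> None:
        """Connection teardown removes the entry, so a later 443 attempt
        without a live 80 connection is blocked again."""
        self.established.discard((flow.src, flow.dst, flow.dport))


# Constructed sample policy: a monitor rule followed by two allow rules.
RULES = [
    Rule("log-web", None, "Monitor"),
    Rule("allow-http", 80, "Allow"),
    Rule("allow-https", 443, "Allow"),
]

# Constructed sample flows from one client to one server.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", 443),   # HTTPS with no prior HTTP connection
    Flow("10.0.0.5", "192.0.2.10", 80),    # HTTP
    Flow("10.0.0.5", "192.0.2.10", 443),   # HTTPS while HTTP is established
]


def run_first_match(flows: List[Flow] = SAMPLE_FLOWS, rules: List[Rule] = RULES) -> List[str]:
    """Stateless first-match: every flow gets the same answer regardless of order."""
    return [evaluate_first_match(f, rules)[0] for f in flows]


def run_dependency(flows: List[Flow] = SAMPLE_FLOWS) -> List[str]:
    """Stateful dependency: the first HTTPS attempt is blocked, the later one allowed."""
    ev = DependencyEvaluator()
    return [ev.evaluate(f) for f in flows]


if __name__ == "__main__":
    print("first-match :", run_first_match())
    print("dependency  :", run_dependency())
```

Running it prints `['Allow', 'Allow', 'Allow']` for the first-match list and `['Block', 'Allow', 'Allow']` for the dependency evaluator, which is exactly the gap the answer describes: the ordered rule list can only express per-flow matches, and the condition in the question lives in connection state that no rule entry can reference.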