12-02-2015 11:02 AM - edited 03-12-2019 05:50 AM
I have to SFR setup on 5525-X with firesight appliance.
The default network discovery mode works fine, I can see the Analysis -> connection events.
Now I want to switch to IPS inline mode by creating IPS policy called My_Policy as below
Under Policy -> intrusion policy - create new (base policy: Initial Inline Policy)
Now apply the policy by
Policies -> Access Control -> Default Network Discovery -> Edit
Here I see Admin Rules, Std rules, Root rules empty.
Default Action -> Intrusion Prevention: My_Policy
Log at the End of the connection
Send connection events to Defense Center - > Apply.
I have also defined
Objects - > Variable Set
Home_net (to reflects all local subnets)
external_net (exclude Home_net)
----------------------------------------
Now when I access Access Control, the policy still remains as Network Discovery Control. It should change to My_Policy, right?
Why is that Admin Rules, Std rules, Root rules are empty? Do I need to define them separately?
12-02-2015 03:49 PM
Hi,
After clicking Apply, did you deploy it? The Deploy button is in the top right-hand corner.
Regards,
Aastha Bhardwaj
12-02-2015 07:42 PM
At the topmost there is "Save & Apply". This is done.
I do not see Deploy Option anywhere.
12-03-2015 02:15 PM
Hi,
Sorry, but what's the version on the Defense Center? Once you apply it, can you check if it says Completed in the Task status?
Regards,
Aastha Bhardwaj
12-03-2015 09:02 PM
Version is 3.4, updated recently. With the earlier Cisco IPS on ASA, I could apply the default IPS policies; is it not the case with SFR?