Hello Friends! I need an advice.How better to create rules for access control policy? I had not practice.
How I do that.
1.Policies -> access control -> Here create My Policy
2.In my new policy I can create different rules, which can either block or allow.
For example I have rule 1 (it inspect my network use intrusion policy and inspect files).
rule2 - I want to deny access one of my computer to sait.I use BLOCK action and it works!
Is it right to use rules or maybe i do it wrong?
P.S. I used the follow structure of the network:
WAN - ASA - FIREPOWER - LAN (asa and firepower work separately, i do not use modules for asa, i have firepower and fire sight)
Are there any errors beside your rules when you have them in the order that they are in? (Yellow Triangle with explanation point)?
Also, have you tried switching those two rules spots, to see if that would affect the top - down matching criteria.
Since Rule 4 works and rule two doesn't;
Try removing the all the filters on rule two except the URLs that you don't want to access. Do you want them to be an "interactive block"?
=Rule2= "any""any", then URLs, and Block
Hello! I need an advice.
I have access policy and I do not know use it right or not?
Is it need to add rule with INTRUSION POLICY or it will be used as default (default action)?
And I want to detect files. Do I need to use it as a individual rule. Or I need to use it with intrusion policy? (7)
I would suggest you to create Block statement on top because it is specific to 1 PC , the rules are matched from top to bottom , so if the rule matches first it wont even look for other rules . So more specific rules should be places on top and then followed by generic rules.
Rate if that helps!!!