12-25-2023 01:29 AM
Hi,
Is there a way to bypass SI for a specific ACP entry?
As I see it, Security Intelligence binds to the ACP as a whole.
But is there any way for an ACP entry to bypass the Security Intelligence check?
Thanks,
Ditter
12-25-2023 01:51 AM - edited 12-25-2023 01:52 AM
Check the guide below:
12-25-2023 02:26 AM
Add a new entry in the ACP with the action Trust; this makes specific traffic bypass all Snort, including SI.
MHM
12-25-2023 07:35 AM
Thanks for the suggestion. I thought about this trust relationship, but what I want is a specific VLAN to be checked against the ACP but not checked against SI. If I have this VLAN in a trust relationship, it will not be checked against the ACP policy rules.
Can we check a VLAN against SI but not bypass the ACP rules?
Ditter
12-25-2023 10:27 PM
In this flow, there is nothing other than ACP trust that can make a specific VLAN bypass SI and all Snort.
Remember, we are talking about L3-L4, so only prefilter and ACP can do that.
MHM
12-25-2023 07:52 AM
Engaging in activities that circumvent security measures without authorization can have serious consequences and may violate ethical and legal standards.
12-26-2023 03:39 AM
You would have to allow the traffic via a prefilter rule (or set of rules).
What is the reason behind not wanting SI to apply?
12-26-2023 08:26 AM
Thanks for the answer.
I want to have a test VLAN so that it can bypass the SI in order to check the results (or not) of the SI.
12-27-2023 06:39 AM
I was thinking about nested ACPs. As I see it, SI is an inherited feature, so if I used inheritance, could I do that?