Hi All,
We're looking to make a change to the intrusion policy setup we use on a deployment. Currently we have a single 'master' intrusion policy that we apply to all of our access policy rules. What we're looking to do is have a separate policy just for our web servers that'll only use the rule signatures relevant to the traffic (HTTP/S).
I made a new intrusion policy and used the base policy 'No Rules Active', then filtered on rules which use the destination port 80/443 and set them to drop and generate events (aside from the malware CNC).
I've got a couple of questions just regarding the way I've done this:
- Will I run into issues with preprocessors? Should I change their state from disabled (only HTTP/S)?
- Is there a better way of working?
Apologies if this is vague, I've not got a lot of experience with Firepower; any help would be appreciated.
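An added example, not from the original post and not Firepower's own logic: an offline approximation of the destination-port filter described above, run over constructed Snort 2 rule text, which also flags which of the selected rules use HTTP content modifiers and therefore depend on the HTTP preprocessor being enabled. The contents of $HTTP_PORTS and the sample rules are assumptions for this example.

```python
import re
# Snort 2 header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+'
                       r'(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
# Port variables assumed for this example (set per policy in the FMC variable set)
PORT_VARS = {"$HTTP_PORTS": "[80,443,8080]", "$SSL_PORTS": "443"}
# Snort 2 content modifiers that only work with the HTTP inspector enabled
HTTP_MODIFIERS = ("http_uri", "http_raw_uri", "http_header", "http_client_body",
                  "http_method", "http_cookie", "http_stat_code", "http_stat_msg")

def expand_ports(spec):
    """Return (ports, negated) for a Snort port spec; ports is None for 'any'."""
    spec = PORT_VARS.get(spec, spec)
    negated = spec.startswith("!")
    spec = spec.lstrip("!").strip("[]")
    if spec == "any":
        return None, negated
    ports = set()
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")      # "80", "8000:8090", ":1024", "1024:"
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else (65535 if sep else lo)
        ports.update(range(lo, hi + 1))
    return ports, negated

def matches_port(spec, wanted):
    """True if the destination port spec overlaps the ports we filter on."""
    ports, negated = expand_ports(spec)
    hit = True if ports is None else bool(ports & set(wanted))
    return not hit if negated else hit

def select_web_rules(rules_text, wanted=frozenset({80, 443})):
    """Return [(sid, needs_http_inspector)] for rules whose dst port matches."""
    selected = []
    for line in rules_text.splitlines():
        m = HEADER_RE.match(line.strip())      # comment lines ("#...") never match
        if not m or not matches_port(m["dport"], wanted):
            continue
        sid = re.search(r"sid:\s*(\d+)", m["opts"])
        needs_http = any(mod in m["opts"] for mod in HTTP_MODIFIERS)
        selected.append((int(sid.group(1)) if sid else None, needs_http))
    return selected

# Constructed sample rules (local SID range), not real Talos signatures
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB traversal"; flow:to_server,established; content:"../"; http_uri; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"TLS hello anomaly"; flow:to_server; content:"|16 03|"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"SMTP outbound"; content:"MAIL FROM"; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET [8000:8090,9000] (msg:"Alt web mgmt"; content:"GET"; sid:1000004; rev:1;)
"""
```

Rule 1000004 shows the caveat a literal 80/443 filter has: rules written for alternate web ports are dropped from the policy, and rule 1000001 only fires if the HTTP inspector is enabled for those ports.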