03-21-2019 04:20 PM - edited 02-21-2020 08:58 AM
As I begin to work more with the FTD/Sourcefire and FMC combination, I am really beginning to miss the ability to tie rules to just an interface and not have to think about order of operation when placing rules. I have mandatory and default; I always put my corporate IPS and Malware rules in the default, followed by a Permit Any because my default action is block all. This is for an edge firewall. My issue is I have to be very careful in the order I put things, otherwise something can and will get blocked. How are others going about organizing their policies?
03-23-2019 04:46 AM
03-25-2019 06:31 AM
03-25-2019 03:30 PM
My general process for configuring Firepower rules is usually to start with Pre-filter. My last rule in Pre-filter is usually a deny all. On top of that, depending on the use case, it is either block, allow or trust. Allow is usually the rule that I want to add Application, IPS or File control to, while Trust is for traffic that I don't want to apply these additional policies to. The Default policy on the Access Policy is usually just an IPS enabled rule as the block should be taken care of in Pre-filter. This especially helps me when moving from ASA to Firepower world rules.
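The ordering problem raised in this thread can be checked mechanically. The following is an added example, not code from either poster or from Cisco: it models a policy as a top-down, first-match list and flags any rule that an earlier single rule fully covers, so it can never match. The rule names, addresses and the five-field rule format are constructed assumptions; real FTD rules also match on zones, applications and users, which this simplified model ignores.

```python
from ipaddress import ip_network

# Constructed sample policy (hypothetical names and addresses), evaluated
# top-down with first match winning. Fields: name, action, source network,
# destination network, destination port (None means any port).
RULES = [
    ("block-guest-out",  "block", "10.20.0.0/16", "0.0.0.0/0",     None),
    ("guest-web",        "allow", "10.20.5.0/24", "0.0.0.0/0",     443),
    ("trust-backup",     "trust", "10.1.1.0/24",  "192.0.2.10/32", 22),
    ("inspect-corp",     "allow", "10.1.0.0/16",  "0.0.0.0/0",     None),
    ("block-backup-ssh", "block", "10.1.1.0/24",  "192.0.2.10/32", 22),
    ("deny-all",         "block", "0.0.0.0/0",    "0.0.0.0/0",     None),
]


def covers(earlier, later):
    """True if every flow that matches `later` also matches `earlier`."""
    _, _, e_src, e_dst, e_port = earlier
    _, _, l_src, l_dst, l_port = later
    return (ip_network(l_src).subnet_of(ip_network(e_src))
            and ip_network(l_dst).subnet_of(ip_network(e_dst))
            and (e_port is None or e_port == l_port))


def find_shadowed(rules):
    """Return (shadowed, shadowed_by, action_conflict) for unreachable rules.

    Only full shadowing by one earlier rule is detected; a rule hidden by
    the combined effect of several earlier rules is not reported.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # A differing action means the shadowed rule's intent is lost.
                findings.append((later[0], earlier[0], earlier[1] != later[1]))
                break
    return findings


if __name__ == "__main__":
    for name, by, conflict in find_shadowed(RULES):
        kind = "action conflict" if conflict else "redundant"
        print(f"{name!r} never matches: shadowed by {by!r} ({kind})")
```
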