cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1141
Views
0
Helpful
1
Replies

Creation of Prefilter -FMC

The affected device uses the same base access-control policy (and same pre-filter policy) as all our other inline firewalls. Where we have sites that need additional rules, we create a child policy that inherits from the base access-control policy. I want to do something similar for our pre-filter policy – the alternative is to create new access-control/pre-filter policy pairs for each site that is affected by this bug (which will be difficult from a management point of view) or configure exemptions in the base pre-filter policy (which runs the risk of allowing potentially unwanted traffic flows)

 

Can anyone help me?

1 Reply 1

nspasov
Cisco Employee
Cisco Employee

Hi there! Have you considered using "Trust" rules in your ACP instead of pre-filter rules? That way you can still use the policy nesting and all of your rules would be in one spot.

Thank you for rating helpful posts!

Review Cisco Networking for a $25 gift card