cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
649
Views
0
Helpful
3
Replies

Examples of creating custom network analysis rules

babiojd01
Level 1
Level 1

Does anyone have any examples of custom network analysis rules (advanced section of Access control policy). I have tuned the NA policy based on reassembly and fragmentation but I am trying to imagine a scenario where you would need a custom na rule. Please include pics if you can.

3 Replies 3

Oliver Kaiser
Level 7
Level 7

In case you want to tweak specific settings for performance/security it does make sense to create a network analysis policy.

For example you could ignore ftp transfers to improve performance on ftp data transfers, specify the HTTP methods you wish to inspect using the http pre-processor or enable event triggers for tcp session hijacking etc.

It really depends on what you want to achieve but normally you do not  need to edit these settings, just keep them in mind in case you find a corner-case that needs specific tweaks to how traffic is handled.

Yea i agree but in my case i have linux servers behind the same IPS. I would edit the reassembly part of the policy and specify the ip address and linux. Same with the fragmentation section.The part i am curious about is creating a special rule in the advanced section of a access control policy. I would be interested to see an example in a scenario where you need custom rules. 

 

I would consider custom rules the equivalent of modular policy framework on asa side. You may change certain processing parameters based on an acl. For example if you do not wish to change network analysis settings globally, you could use a specific custom rule so it only affects certain traffic, you want to treat differently and everything else will be processed using the default rule.

Review Cisco Networking for a $25 gift card