Solved: Firepower DMZ ACP

NETAD · ‎12-24-2017

Hello, I recently made a deployment and created only Inside--->Outside Access rules with file and intrusion policies. My question is should I also create Outside--->DMZ rules with IPS to prevent inbound attack?

Marvin Rhoads · ‎12-24-2017

If you don't have any rules allowing Outside-DMZ then you wouldn't need any specific policies.

In all cases you should have a default Intrusion Policy (usually "Balanced Security and Connectivity") in the event that no more specific rules are matched.

View solution in original post

Marvin Rhoads · ‎12-24-2017

If you don't have any rules allowing Outside-DMZ then you wouldn't need any specific policies.

In all cases you should have a default Intrusion Policy (usually "Balanced Security and Connectivity") in the event that no more specific rules are matched.

NETAD · ‎12-24-2017

No rules from outside—dmz but There are ACLs allowing inbound to the DMZ which should be processed first.

babiojd01 · ‎11-02-2018

What i do is create zones for outside and dmz. I then apply the Security Over Connectivity linking source zone of outside to destination zone of dmz. My variables then become $homenet and $external_net = !$homenet. What Marvin said works as well.