Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
279
Views
0
Helpful
1
Replies

Firepower Intrusion policy update

raymondluis13
Level 1
Level 1

‎10-09-2022 08:38 PM

Lets say, in august firepower have 100000 intrusion policies. Then i use firepower recommendation in august and it applied 9000 out of 100000 policies. 

Now in september, firepower has an update from 100000 intrusion policies to 105000 intrusion policies. What happens to my intrusion policies? does my applied intrusion policies become 14000? does my applied intrusion policies become somewhere in the middle between 9000 to 14000? or does it stay the same?

RL
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎10-10-2022 01:19 AM

The active intrusion policies will depend on traffic and host information collected and analysed by the FTD device.  Also, the Firepower recommendations are not automatically taken into use, you need to run the recommendations again and confirm the usage of the recommendations.  So, if there are new policies added in an update, and you run the Firepower recommendations, any newly added or disabled rules will depend on collected and analysed host and traffic information.  So you might have more more active policies than you did before, but it could also be possible that you will have fewer active policies if there have been significant changes to the hosts in the network.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card