
Firepower recommendations for intrusion policy

ashaw216
Level 1
We have a separate intrusion policy for ingress traffic from the internet to our DMZ servers. When I run Firepower Recommendation on this policy, it suggests changing dozens of old browser vulnerability Snort rules from Disabled to Generate Event and Drop. I'm trying to figure out why it thinks these are needed. Can anyone shed some light on this?
1 Reply

Marvin Rhoads
Hall of Fame

Is your network discovery policy properly set to include discovery of only $HOME_NET and exclude $EXTERNAL_NET?

If it isn't, it may be making recommendations based on the observed incoming user-agents (which loosely map to browser types).
