cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6615
Views
10
Helpful
4
Replies

FireSIGHT: Access Controll policy out-of-date

Ve Con
Level 1
Level 1

I logged into the FireSIGHT and clicked on Policies tab -> Access Control tab , it shows

"Access Control policy out-of-date on 2 devices. Intrusion Policies out-of-date on 2 devices".

Clicked on it, it takes me to the pop up screen like this (in attachment1)


Clicked on "out-of-date" link on the pop up screen, it takes me to the Compare View, one of it is comparing my IPS Policy (2015-04-09) with the IPS Policy (2016-04-14).  I believe the one in 2015 was the one we first created fireSIGHT and the 2016 is the one I downloaded and installed.  

The one in 2016 has a lot of rules while the one in 2015 doesn't and vice versa.  Before I hit "Apply selected configurations" button on the attachment1, i want to understand what it will do to the policy that I built in 2015.  Because the one built in 2015 was created by a consultant and i don't want to change anything that he made or customized initially if I don't have to.

4 Replies 4

Pujita Patni
Cisco Employee
Cisco Employee

Hi,

If there were any changes made to the policy (in comparison to the one that applied on the sensor) and not pushed to the sensors, your policy will show out of date. Once you apply it to the sensors, it will override the existing policy on the sensor with the new changes. 

Thanks,

Pujita

Thanks, Pujita.  I had the policy created by the consultant, i don't want to change it.  Is it recommended to update time to time?

Hello, it is recommended to update it with the new set of signatures.

Those signatures should be delivered weekly ( or even often) by either Cisco or other vendor that you use .

Thanks, Lonut.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: