04-18-2016 04:06 PM - edited 03-12-2019 05:58 AM
I logged into the FireSIGHT and clicked on Policies tab -> Access Control tab , it shows
"Access Control policy out-of-date on 2 devices. Intrusion Policies out-of-date on 2 devices".
Clicked on it, it takes me to the pop up screen like this (in attachment1)
Clicked on "out-of-date" link on the pop up screen, it takes me to the Compare View, one of it is comparing my IPS Policy (2015-04-09) with the IPS Policy (2016-04-14). I believe the one in 2015 was the one we first created fireSIGHT and the 2016 is the one I downloaded and installed.
The one in 2016 has a lot of rules while the one in 2015 doesn't and vice versa. Before I hit "Apply selected configurations" button on the attachment1, i want to understand what it will do to the policy that I built in 2015. Because the one built in 2015 was created by a consultant and i don't want to change anything that he made or customized initially if I don't have to.
04-20-2016 07:22 PM
Hi,
If there were any changes made to the policy (in comparison to the one that applied on the sensor) and not pushed to the sensors, your policy will show out of date. Once you apply it to the sensors, it will override the existing policy on the sensor with the new changes.
Thanks,
Pujita
04-22-2016 01:08 PM
Thanks, Pujita. I had the policy created by the consultant, i don't want to change it. Is it recommended to update time to time?
04-25-2016 06:43 AM
Hello, it is recommended to update it with the new set of signatures.
Those signatures should be delivered weekly ( or even often) by either Cisco or other vendor that you use .
05-10-2016 08:34 AM
Thanks, Lonut.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide