Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
636
Views
0
Helpful
4
Replies

FMC 7.4.2 Malware and File Policy

emurray
Level 1
Level 1

‎10-21-2024 11:47 AM

I am trying to create a Malware and File policy but then I attach that to the Access Control Policy I get this warning "File policy rule targeting application protocol 'Any' may never be triggered due to Application selection 'HTTP/2"

If I remove the HTTP application protocol rule from the Malware and File Policy, the warning goes away. I am using Snort 3 in 7.4.2 FTD's in HA. 

 

I have search for this error, but I can't seem to find anything that makes me understand this.

If anyone can explain I will thank you. 

 

0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-21-2024 12:02 PM

HTTP/2 is de factor TLS-secured only. So a file policy (which counts on seeing unencrypted payload) would not work with HTTP/2 application (unless there were an associated SSL policy doing decryption as well - which is very rare).

0 Helpful

emurray
Level 1
Level 1
In response to Marvin Rhoads

‎10-21-2024 12:37 PM

So, if I do SSL Decryption, I can use HTTP in the Malware & File Policy?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to emurray

‎10-22-2024 05:33 AM

We generally use "Any" protocol in the Malware and file Policy and then associate it with specific ACP rules that have a relevant protocol that is amenable to payload inspection.

0 Helpful

emurray
Level 1
Level 1
In response to Marvin Rhoads

‎10-22-2024 09:42 AM

That's what I did first and still got the warning. 

0 Helpful
Review Cisco Networking for a $25 gift card
li.common.scroll-to.top