636 Views | 0 Helpful | 4 Replies

FMC 7.4.2 Malware and File Policy

emurray
Level 1

I am trying to create a Malware and File policy, but when I attach that to the Access Control Policy I get this warning: "File policy rule targeting application protocol 'Any' may never be triggered due to Application selection 'HTTP/2'"

If I remove the HTTP application protocol rule from the Malware and File Policy, the warning goes away. I am using Snort 3 on 7.4.2 FTDs in HA.

 

I have searched for this error, but I can't seem to find anything that makes me understand this.

If anyone can explain, I will thank you.

 

4 Replies

Marvin Rhoads
Hall of Fame

HTTP/2 is de facto TLS-secured only. So a file policy (which counts on seeing unencrypted payload) would not work with an HTTP/2 application (unless there were an associated SSL policy doing decryption as well - which is very rare).

So, if I do SSL Decryption, I can use HTTP in the Malware & File Policy?

We generally use "Any" protocol in the Malware and file Policy and then associate it with specific ACP rules that have a relevant protocol that is amenable to payload inspection.

That's what I did first and still got the warning.
