FMC 7.4.2 Malware and File Policy
10-21-2024 11:47 AM
I am trying to create a Malware and File policy, but when I attach that to the Access Control Policy I get this warning: "File policy rule targeting application protocol 'Any' may never be triggered due to Application selection 'HTTP/2'"
If I remove the HTTP application protocol rule from the Malware and File Policy, the warning goes away. I am using Snort 3 in 7.4.2 FTDs in HA.
I have searched for this error, but I can't seem to find anything that makes me understand this.
If anyone can explain I will thank you.
10-21-2024 12:02 PM
HTTP/2 is de facto TLS-secured only. So a file policy (which counts on seeing unencrypted payload) would not work with HTTP/2 application (unless there were an associated SSL policy doing decryption as well - which is very rare).
10-21-2024 12:37 PM
So, if I do SSL Decryption, I can use HTTP in the Malware & File Policy?
10-22-2024 05:33 AM
We generally use "Any" protocol in the Malware and File Policy and then associate it with specific ACP rules that have a relevant protocol that is amenable to payload inspection.
10-22-2024 09:42 AM
That's what I did first and still got the warning.
