FMC 7.4.2 Malware and File Policy

emurray · ‎10-21-2024

I am trying to create a Malware and File policy but then I attach that to the Access Control Policy I get this warning "File policy rule targeting application protocol 'Any' may never be triggered due to Application selection 'HTTP/2"

If I remove the HTTP application protocol rule from the Malware and File Policy, the warning goes away. I am using Snort 3 in 7.4.2 FTD's in HA.

I have search for this error, but I can't seem to find anything that makes me understand this.

If anyone can explain I will thank you.

Marvin Rhoads · ‎10-21-2024

HTTP/2 is de factor TLS-secured only. So a file policy (which counts on seeing unencrypted payload) would not work with HTTP/2 application (unless there were an associated SSL policy doing decryption as well - which is very rare).

emurray · ‎10-21-2024

So, if I do SSL Decryption, I can use HTTP in the Malware & File Policy?

Marvin Rhoads · ‎10-22-2024

We generally use "Any" protocol in the Malware and file Policy and then associate it with specific ACP rules that have a relevant protocol that is amenable to payload inspection.

emurray · ‎10-22-2024

That's what I did first and still got the warning.

FMC 7.4.2 Malware and File Policy

does TCP_Bypass support fmc 7.4.2

Secure Firewall – Tips - Malware and File policies

GeoLocation IP Package Download In 7.4.2 FMC

503 Error after upgrading FMC to 7.4.2.1 from 7.4.2

Malware Policy