03-28-2022 01:51 AM
Hi
So this morning I created a new access control rule on Firepower, and when I selected the intrusion policy I now see the warning below. Can I still proceed with the new rule, or could this cause issues?
Snort 2 and Snort 3 version of this policy are not the same. Please make sure that any customizations are maintained independently.
03-28-2022 02:11 AM
You can proceed here, but you should think about if it's relevant for you.
Managed by FMC, you could have Firewalls running Snort2 and you could have Firewalls running Snort3. If you apply an intrusion policy where the Snort2 and Snort3-settings differ, the protection will be different.
03-28-2022 02:41 AM
Hi
We upgraded the FMC to 7.0.1 but haven't upgraded the FTDs yet. Our FTDs are running Snort 2, I have checked, so both are the same version. Could it cause issues if new access control rules are created?
Thanks
03-28-2022 04:44 AM
Yes, just go ahead with your deployment. While still running Snort2, nothing will change. But when you later move to Snort3, you should make sure that your Intrusion policy is also implemented for that Snort version.
03-28-2022 04:37 AM
Hi
Found this link from the FMC page; looks like it's OK?
Snort version per Firepower Threat Defense—The Snort inspection engine is Firepower Threat Defense (FTD) specific and not Firepower Management Center (FMC) specific. FMC can manage several FTDs, each with either versions of Snort (Snort 2 and Snort 3). Although the FMC's intrusion policies are unique, the system applies Snort 2 or Snort 3 version of an intrusion policy for intrusion protection depending on the device's selected inspection engine. For more information on the inspection engine on the device, see Enable and Disable Snort 3.