Intrusion Rules in Cisco FMC

NeWGuy1109
Level 1

I have configured around 300 rules in FMC. A recent requirement is to apply an IPS policy to all the rules. Is there a way an intrusion policy can be applied all at once to an entire ACL? It's really inconvenient to edit 300 rules and apply an IPS policy to each one.


Also, if I am not using inline mode, will the intrusion policy act as an IDS only? It won't drop any traffic? In a custom intrusion policy, is "Drop when Inline" specific to inline mode only?


Any help is appreciated

Accepted Solution

Marvin Rhoads
Hall of Fame

Just select all the rules in the ACP at once (select first one, hold down shift key and then select last one) and right click to edit. You may need to change your display rules per page (bottom right) so that you can see and select all of them at once.

Common tasks (such as IPS policy) will be selectable to change them.

[Screenshot: FMC - edit multiple rules]


7 Replies

Hi,

You can do this through the FMC APIs. But from the GUI that is not possible. You can write your own API loop script to edit the setting.

**** please remember to rate useful posts
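The "API loop script" suggested above, written out as an added example for this thread (it is not Cisco's code and not from any poster). It assumes the FMC REST API paths as listed in the FMC API Explorer (generatetoken, accesspolicies, accessrules, intrusionpolicies), that the GET-only fields "links" and "metadata" must be dropped before a PUT, and placeholder host, credentials and policy names. It only touches rules whose action is ALLOW, because FMC does not accept an intrusion policy on Block, Trust or Monitor rules, and it skips rules that already carry the policy so it can be re-run safely. The in-memory transport at the bottom is a constructed stand-in so the script runs offline; swap in `http_transport` for a real FMC.

```python
# Bulk-assign one intrusion (IPS) policy to every eligible rule of an FMC
# access control policy via the FMC REST API.  Added example; paths,
# read-only fields and names below are assumptions, not verified per release.
import base64
import json
import urllib.request

READ_ONLY_FIELDS = ("links", "metadata")   # returned by GET, rejected on PUT
# Only Allow (and Interactive Block) rules can carry an intrusion policy;
# default to ALLOW so Block/Trust/Monitor rules are never touched.
INSPECTABLE_ACTIONS = ("ALLOW",)


def build_update(rule, ips_policy):
    """PUT body for `rule` with the IPS policy set; other settings carried over."""
    body = {k: v for k, v in rule.items() if k not in READ_ONLY_FIELDS}
    body["ipsPolicy"] = {"id": ips_policy["id"], "type": "IntrusionPolicy"}
    return body


def http_transport(method, url, headers, body):
    """Real HTTPS transport (TLS verified): (status, lowercase headers, json)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        hdrs = {k.lower(): v for k, v in resp.headers.items()}
        return resp.status, hdrs, (json.loads(raw) if raw else {})


class FmcClient:
    def __init__(self, host, user, password, transport=http_transport):
        self.base, self.user, self.password = f"https://{host}", user, password
        self.send = transport
        self.headers = {"Content-Type": "application/json", "Accept": "application/json"}
        self.domain = None

    def login(self):
        """Credentials go once over Basic auth; the returned token is reused."""
        cred = base64.b64encode(f"{self.user}:{self.password}".encode()).decode()
        status, hdrs, _ = self.send("POST", self.base + "/api/fmc_platform/v1/auth/generatetoken",
                                    {"Authorization": "Basic " + cred}, None)
        if status != 204:
            raise RuntimeError(f"login failed: HTTP {status}")
        self.headers["X-auth-access-token"] = hdrs["x-auth-access-token"]
        self.domain = hdrs["domain_uuid"]

    def _cfg(self, path):
        return f"{self.base}/api/fmc_config/v1/domain/{self.domain}/{path}"

    def get_all(self, path):
        """Walk FMC's offset/limit paging; expanded=true returns full objects."""
        items, offset, limit = [], 0, 100
        while True:
            url = f"{self._cfg(path)}?expanded=true&offset={offset}&limit={limit}"
            _, _, page = self.send("GET", url, self.headers, None)
            items.extend(page.get("items", []))
            offset += limit
            if offset >= page.get("paging", {}).get("count", 0):
                return items

    def find_by_name(self, path, name):
        for obj in self.get_all(path):
            if obj.get("name") == name:
                return obj
        raise LookupError(f"{name!r} not found under {path}")

    def put(self, path, body):
        status, _, resp = self.send("PUT", self._cfg(path), self.headers, body)
        if status != 200:
            raise RuntimeError(f"PUT {path} failed: HTTP {status} {resp}")
        return resp


def assign_ips_policy(client, acp_name, ips_name, actions=INSPECTABLE_ACTIONS):
    """Set `ips_name` on every eligible rule of `acp_name`; idempotent.
    Returns (updated rule names, skipped rule names)."""
    acp = client.find_by_name("policy/accesspolicies", acp_name)
    ips = client.find_by_name("policy/intrusionpolicies", ips_name)
    rules_path = f"policy/accesspolicies/{acp['id']}/accessrules"
    updated, skipped = [], []
    for rule in client.get_all(rules_path):
        already = (rule.get("ipsPolicy") or {}).get("id") == ips["id"]
        if rule.get("action") not in actions or already:
            skipped.append(rule["name"])
            continue
        client.put(f"{rules_path}/{rule['id']}", build_update(rule, ips))
        updated.append(rule["name"])
    return updated, skipped


def fake_fmc():
    """Constructed in-memory FMC stand-in so the example runs offline."""
    rules = [{"id": "r1", "name": "web-allow", "action": "ALLOW", "links": {"self": "x"}},
             {"id": "r2", "name": "deny-all", "action": "BLOCK"},
             {"id": "r3", "name": "dns-allow", "action": "ALLOW",
              "ipsPolicy": {"id": "ips-1", "type": "IntrusionPolicy"}}]
    puts = []

    def transport(method, url, headers, body):
        if url.endswith("/generatetoken"):
            return 204, {"x-auth-access-token": "tok", "domain_uuid": "dom-1"}, {}
        if method == "PUT":
            puts.append(body)
            return 200, {}, body
        if "/accessrules" in url:
            items = rules
        elif "/intrusionpolicies" in url:
            items = [{"id": "ips-1", "name": "Balanced-Custom"}]
        else:
            items = [{"id": "acp-1", "name": "Prod-ACP"}]
        return 200, {}, {"items": items, "paging": {"count": len(items)}}
    return transport, puts


if __name__ == "__main__":
    transport, puts = fake_fmc()   # use http_transport against a real FMC
    fmc = FmcClient("fmc.example.invalid", "apiuser", "REPLACE_ME", transport)
    fmc.login()
    print(assign_ips_policy(fmc, "Prod-ACP", "Balanced-Custom"), len(puts), "PUT(s)")
```

Like a GUI edit, rule changes made this way sit in the access control policy until the next deploy, and the returned `skipped` list is worth reviewing: any Allow rule that still shows up there after a run was not updated for a reason (wrong action filter or a PUT that was rejected), so the policy is not yet uniformly inspected.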

Thanks... any link I can refer to for such scripts?


NeWGuy1109
Level 1

If I do not select "Drop when Inline", will the IPS function as an IDS only, regardless of rule actions?


Incredible!!! That was very helpful, Marvin.

One more thing, if you can please help out with it: if in the IPS policy I have unchecked "Drop when Inline", will my policy act as an IDS?


Deselecting "Drop when Inline" will indeed make the sensor function like what is sometimes referred to as an Intrusion Detection System (IDS) vs. an Intrusion Prevention System (IPS). I seldom see that used in practice though as it removes most of the utility of actually preventing intrusions.
