Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1161
Views
0
Helpful
2
Replies

IPS and Malware Policy

Go to solution
sheikhrazib2766
Level 1
Level 1

‎06-04-2019 04:58 PM

I'm new to Firepower. I'm migrating ASA FW Configuration to Firepower. We will be using FDM and not FMC.

 

My Question is: Should I enable IPS and Malware in every single (allowed) Access Rule OR create a single Rule for IPS and Malware for all the allowed traffic. What is the recommended implementation.

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-04-2019 10:10 PM

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-04-2019 10:10 PM

Access Control Policy rules are first match (except for Monitor action rules) so I recommend specifying an IPS and Malware policy associated with each Allow rule. Exceptions would be things like a rule allowing encrypted traffic (ssl/tls, ssh etc.) where we won't be able to inspect files anyway.

0 Helpful

Go to solution
sheikhrazib2766
Level 1
Level 1
In response to Marvin Rhoads

‎06-04-2019 10:21 PM

Thanks Marvin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card