06-21-2017 04:55 PM - edited 03-12-2019 06:26 AM
Hi,
If you have say 5 subnets of different traffic requirements
1/ corporate users
2/ payment equipment subnet
3/ dmz
4/ corporate wifi
5/ some other requirement
Would one get better IPS recommendations if you created 5 IPS policies and defined the scope within recommendations according to each of the 5 above? Or would the Firepower recommendations be just as accurate with one IPS policy and it trying to recommend for the entirety?
Similarly if you had a Datacentre Firepower and say 10 sites with Firepower would it be best to use a different IPS policy from the sites for the datacentre, with Recommendations defined just for the Datacentre ?
06-27-2017 02:52 PM
Firepower will generate the recommendations based on the hosts discovered (host profiles) on all sensors.
If you have multiple domains (multi tenancy in v6.0+) within that FMC, each with an IPS sensor, you will see differences in the generated recommendations.
Edit: maybe I misunderstood the question. It is of course possible to limit the networks to base the recommendations on, but in my opinion this barely makes sense.
You will use a lot of memory on the sensor if you apply 5 different IPS policies - one for each network.
07-05-2017 08:59 PM
Got you.
If you had a Datacentre Firepower and say 10 sites with Firepower, would it be best to use different IPS policies for the sites and a different policy for the datacentre, with host Recommendations defined just for the Datacentre hosts?
Or will FMC base the recommendations on all hosts seen for both datacentre and sites?
07-12-2017 10:51 AM
If you want the same policy on all 10 sites I recommend that you only make one IPS policy and make the recommendations based on all your subnets.