Network Analysis Policy and how they really work

babiojd01
Level 1

So as I read through the Sourcefire User Doc I am starting to get confused about the actual application of network analysis policies. So I know you can pick a default analysis policy via the access control policy in the Advanced section if none match. When reading the advanced documentation it appears that the packets will "pick" a network analysis policy based on the policies created? Can someone clarify this for me?

1 Accepted Solution


yogdhanu
Cisco Employee

Hi

You can create a custom NAP (network analysis policy), but it needs to be selected in the Advanced section of the access control policy. If the default policy is selected there, the default policy will be applied.

There is an option where you can create custom rules for a custom NAP. For example, you want to use the default one for all traffic and, for a specific network, need a custom NAP. You can do that in the Advanced section of the access control policy.

Rate if it helps.

Yogesh


3 Replies 3

I forgot all about that section. :) I think it would make more sense to move that out of there due to the confusion of policy application.

J. K.
Level 1

What about the Network Analysis Policy / Rate-Based Attack Prevention / Control Simultaneous Connections option, is there a more detailed explanation on how it really works?

The documentation describes: The rate-based action stops only after a sampling period completes where the sampled rate is below the threshold rate. Where does "sampling period" configuration take place? 

Thanks in advance
