Policies for Firepower with Passive Interface

wafikmaher
Level 1

For Firepower configured with a Passive Interface to do Discovery and show Connection, Intrusion, File, and Malware events, do we need to configure any policies (Discovery, Access Control, Intrusion, Malware & File) similar to those needed for inline deployments? I have an idea, but I'm not sure about it: the Access Policy assigned to the device will have no rules, just the Default Action (Discover or IPS), but I have no idea how the Malware & File Policy will be applied (if it is supported in this mode).

Thanks,

Wafik


aandersons
Level 1

For a passive sensor you would still have to write some policy to inspect, or perform discovery, on traffic. The difference would be that even if you were to make the policy inline, the sensor wouldn't be able to convict and drop traffic.

If you're just looking for passive sensing:

  • Create network discovery policy
  • Create appropriate variables, zones, interfaces, etc.
  • Create an access policy that handles your traffic appropriately. If all you really want is detection, then set the default action to detect. If you want some of the other functionality that is under the Inspection tab within a rule, then write one rule that sends all traffic to the IDS policy, and you can apply the file policy to that traffic as well.
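
The steps above, expressed as FMC REST API objects, as an added example that is not part of the thread: a detect-only access policy, one catch-all rule that attaches an intrusion policy and a file policy and logs connections, and a check for inline-style settings that silently do nothing on a passive sensor. Endpoint paths, header and field names are assumed from the FMC REST API as this example's author understands it; confirm them in your FMC's API Explorer, and the policy IDs are placeholders.

```python
import base64
import json
import urllib.request

# Assumed FMC REST API rule actions under which an attached ipsPolicy/filePolicy is evaluated.
INSPECTING_ACTIONS = {"ALLOW", "BLOCK_INTERACTIVE", "BLOCK_RESET_INTERACTIVE"}

def access_policy(name, default_action="NETWORK_DISCOVERY"):
    """Detect-only default: NETWORK_DISCOVERY yields discovery and connection
    events; a passive interface cannot drop anything, so BLOCK only misleads."""
    return {"type": "AccessPolicy", "name": name,
            "defaultAction": {"action": default_action}}

def inspect_all_rule(ips_policy_id, file_policy_id, name="inspect-all-passive"):
    """Catch-all rule (no zone/network/port conditions) that hands traffic to
    an IPS policy and a file policy and logs at connection end, so Connection,
    Intrusion, File and Malware events all reach the FMC."""
    return {"type": "AccessRule", "name": name, "enabled": True, "action": "ALLOW",
            "ipsPolicy": {"id": ips_policy_id, "type": "IntrusionPolicy"},
            "filePolicy": {"id": file_policy_id, "type": "FilePolicy"},
            "logBegin": False, "logEnd": True, "sendEventsToFMC": True}

def passive_warnings(policy, rules):
    """Flag inline-style settings that silently do nothing on a passive sensor."""
    found = []
    if policy["defaultAction"]["action"].startswith("BLOCK"):
        found.append("default action BLOCK cannot drop traffic on a passive interface")
    for r in rules:
        if r["action"] in ("BLOCK", "BLOCK_RESET"):
            found.append(f"rule {r['name']}: {r['action']} is ineffective when passive")
        if r["action"] not in INSPECTING_ACTIONS and ("ipsPolicy" in r or "filePolicy" in r):
            found.append(f"rule {r['name']}: IPS/file policy attached but never evaluated")
    return found

def push(fmc_host, user, password, policy, rules):
    """POST the policy, then its rules. Endpoints and headers are assumed from the FMC REST API (TLS verified)."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{fmc_host}/api/fmc_platform/v1/auth/generatetoken",
                                 method="POST", headers={"Authorization": f"Basic {basic}"})
    with urllib.request.urlopen(req) as resp:
        token, domain = resp.headers["X-auth-access-token"], resp.headers["DOMAIN_UUID"]
    hdrs = {"X-auth-access-token": token, "Content-Type": "application/json"}
    base = f"https://{fmc_host}/api/fmc_config/v1/domain/{domain}/policy/accesspolicies"
    def post(url, body):
        r = urllib.request.Request(url, data=json.dumps(body).encode(), headers=hdrs, method="POST")
        with urllib.request.urlopen(r) as resp:
            return json.load(resp)
    created = post(base, policy)
    return [post(f"{base}/{created['id']}/accessrules", rule) for rule in rules]
```

Run `passive_warnings()` on the objects before `push()`; it is the check that catches a policy copied from an inline sensor, where the BLOCK actions look fine but never take effect.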

Thanks aandersons