06-17-2026 11:33 PM
Hi all,
In FMC, both IPS and Security Intelligence (SI) can be deployed in a detection/monitor-only mode for tuning and false-positive validation before enabling blocking.
In FDM, I can only find a Detection mode option for IPS. SI appears to be block-only with no monitor mode.
What is the general recommendation for safely deploying and tuning SI on FDM-managed FTD devices?
Thanks.
06-18-2026 03:49 AM
If you configure detection on your policy you will be good to go because in that case the FTD will detect any potential intrusion event but it won't be blocking any traffic. Once you are happy with the detections you can then go and switch from detection to prevention.
06-18-2026 04:50 AM - edited 06-18-2026 08:51 PM
FDM does not provide a monitor-only mode for Security Intelligence like FMC does. A common approach is to start with a limited, high-confidence SI policy, monitor connection events and logs closely, and gradually expand the block lists as you validate there are no false positives. Testing in a non-production environment first, where possible, is also recommended.