Users in access control policies

clark white
Level 2

Dears


When I select users while creating new policies I get the attached error.

I have some queries for the access control policies.

Rule 1: action: block, zone: inside to outside, source: any, destination: any, url: high risk url

Result: will be blocked for all users for high risk URLs.

Rule 2: action: allow, zone: inside to outside, source: any, destination: any, user: ADMINS, url: all-allow, application filter: allow all

Result: user Admin will be allowed all URLs but the BitTorrent application will be blocked.

Rule 3: action: allow, zone: inside to outside, source: any, destination: any, user: USER-ALL, url: specific url category, application filter: bittorrent block

Result: users will be restricted to the specific URLs and BitTorrent will be blocked.

Thanks

8 Replies

Marvin Rhoads
Hall of Fame

So do you have an identity policy?

Have you linked to your domain and are you getting user identity mapping via Sourcefire User Agent or ISE?

Dear Marvin,

Can you help me with the access policies, whether my thinking is correct? For the identity policies I will come to you with my exact query.

Thanks

Clark,

The logic you present for your access control policy seems good.

Dear Marvin,

I have created an identity policy with a rule in which I have passive authentication and a realm which I configured, but I still get the same exclamation mark on the user while creating the access policies.

For the below access control policy the internet was very slow for every webpage; when I disabled URL filtering, allowing everything, the browsing was fast.

Rule 1: action: block, zone: inside to outside, source: any, destination: any, url: high risk url

Result: will be blocked for all users for high risk URLs.

Thanks

Have you deployed the Sourcefire User Agent and is it successfully discovering user-IP mapping and is that information reflected in your "Users" tab of the FirePOWER Manager?

Dear Marvin,

The realm issue was solved by changing the Base DN path; once I changed the path the users were able to download.

But for the access control policies, can you give a basic idea of how the access control policies are built? I want to keep the intrusion policy as the default because I am controlling everything from the firewall; I just wanted malware, application, URL, security intelligence and file filtering to be configured.

Please correct me if I am wrong. Rule 3 will never match; users will not match this rule because this rule has to be split into 2 different rules: an application filter rule for all users and a separate URL filter rule for all users.

Rule 3: action: allow, zone: inside to outside, source: any, destination: any, user: USER-ALL, url: specific url category, application filter: bittorrent block

Result: no match, and traffic will be sent to the default intrusion policy rule.

Thanks

I didn't really think of them as a whole set.

You're right - you need to order them most specific to least specific and consider that the first match will end the rule processing.

Dear Marvin,

I am a little confused about creating access policies; below are my thoughts on creating the policies in order, so please correct me if I am doing it wrong.

  1. zone: inside to outside, users: all, application: bittorrent, block: all
  2. zone: inside to outside, users: HOD, application: all, allow: all
  3. zone: inside to outside, users: managers, permit: all
  4. zone: inside to outside, users: head of dep, permit: youtube and other good websites
  5. zone: inside to outside, users: all, application: instant messaging, etc., block: all
  6. zone: inside to outside, users: all, block: pornography, abortion, gambling
  7. zone: inside to outside, users: all, permit: categories (which are not blocked in rule 4)
  8. zone: inside to other zones, network: source Internal Network, destination other private networks for other companies on the firewall, users: any, port: any, block: permit
  9. zone: inside to outside, network: Internal Network, users: non corporate users, port: any, block: all
  10. Default action: Intrusion policy.

Thanks
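As an added illustration of the first-match point made earlier in the thread (most specific rule first; the first match ends processing; unmatched traffic falls to the default action), here is a small constructed evaluator over a simplified version of the rule order posted above. This is example code written for this page, not Firepower code and not something posted by either participant. The rule names, user group names, application names and URL categories are assumed; the model only ANDs zone, user group, application and URL category and ignores every other condition type a real access control rule can carry.

```python
"""Constructed example: first-match evaluation of an ordered access control
rule list. Every populated condition in a rule must match (conditions are
ANDed); the first matching rule decides the action; traffic that matches no
rule gets the default action. Simplified model, not Firepower's own logic."""
from dataclasses import dataclass

ANY = "any"


@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    zone: str = ANY                      # e.g. "inside->outside"
    users: frozenset = frozenset()       # empty means any user group
    apps: frozenset = frozenset()        # empty means any application
    url_cats: frozenset = frozenset()    # empty means any URL category

    def matches(self, flow):
        """True only when every populated condition matches the flow."""
        if self.zone != ANY and self.zone != flow["zone"]:
            return False
        if self.users and flow["user_group"] not in self.users:
            return False
        if self.apps and flow["app"] not in self.apps:
            return False
        if self.url_cats and flow["url_cat"] not in self.url_cats:
            return False
        return True


def evaluate(rules, flow, default_action="default-intrusion-policy"):
    """Return (rule_name, action) for the first matching rule, or
    (None, default_action) when no rule matches."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return None, default_action


def flow(user_group, app, url_cat, zone="inside->outside"):
    """Constructed flow record with the four attributes the model uses."""
    return {"user_group": user_group, "app": app, "url_cat": url_cat, "zone": zone}


def posted_order():
    """Simplified subset of the posted rule list, in the posted order.
    Group/app/category names are assumed for the example."""
    io = "inside->outside"
    return [
        Rule("1 block bittorrent", "block", io, apps=frozenset({"bittorrent"})),
        Rule("2 HOD allow all", "allow", io, users=frozenset({"HOD"})),
        Rule("3 managers allow all", "allow", io, users=frozenset({"managers"})),
        Rule("5 block IM", "block", io, apps=frozenset({"instant-messaging"})),
        Rule("6 block categories", "block", io,
             url_cats=frozenset({"pornography", "abortion", "gambling"})),
        # Rule 7 permits whatever rule 6 did not block, so it matches any
        # remaining inside->outside traffic in this model.
        Rule("7 allow remaining", "allow", io),
        Rule("9 block non-corporate", "block", io, users=frozenset({"non-corporate"})),
    ]


def move_rule(rules, name, position):
    """Copy of the list with the named rule moved to the given index."""
    rule = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    rest.insert(position, rule)
    return rest


if __name__ == "__main__":
    rules = posted_order()
    # Posted order: the group-wide allow for HOD sits after the bittorrent block.
    print(evaluate(rules, flow("HOD", "bittorrent", "p2p")))
    # Swap rule 2 ahead of rule 1 and the block is shadowed for HOD users.
    print(evaluate(move_rule(rules, "2 HOD allow all", 0), flow("HOD", "bittorrent", "p2p")))
    # A broad "users: all" permit placed before a group-specific block shadows it too.
    print(evaluate(rules, flow("non-corporate", "web-browsing", "news")))
    print(evaluate(move_rule(rules, "9 block non-corporate", 0),
                   flow("non-corporate", "web-browsing", "news")))
    # Traffic matching no rule falls to the default action.
    print(evaluate(rules, flow("staff", "dns", "none", zone="inside->dmz")))
```

Running it shows the two shadowing cases a practitioner checks for when ordering rules: a group-wide allow placed above a narrower block, and a "users: all" permit placed above a group-specific block. In both cases the later rule is never reached for the affected traffic, which is exactly why the ordering advice is most specific first.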
