Where is it better to apply the Firepower service policy? And a list of questions about Firepower

Maivoko
Level 1

Where is it better to apply the Firepower service policy?

outside only?

inside only?

or

both outside and inside ?

 

I find that the Firepower access policy cannot choose which interface it applies to.

Where do I set this?

If there is no such setting, when it is applied to both sides, then in the outside case a private-network source address coming from the outside can access the inside.

 

moreover,

Should the default action be to deny all on both sides? Is that the best?

Why are there the choices "security over connectivity" and "connectivity over security" for the default action? In which situations are they used?

 

another question is

When I set Monitor in an access rule in Firepower, does it mean allow or deny? Where is the Monitor result? What action is taken with Monitor instead of allow or deny?

 

another more question is

Which IPS policy should I set? Which is better and best practice for a home and web site case?

Security over connectivity on the inside? Or security over connectivity on the outside? Or deny all on the outside?

Connectivity over security on the inside? Or connectivity over security on the outside? Or connectivity over security on the outside?

 

another one more question is

When should maximum detection be used? In which case? What action is taken when maximum detection is used? Will it stop malicious traffic flows?

 

bonus question is

If I want to allow a country in the firewall just for counting, is there any log or command to count traffic by country?

 

another bonus question is

Which application-level choice selects all applications?

1 Reply

Abheesh Kumar
VIP Alumni

Hi,

  • The service policy is applied globally in Firepower as well.
  • You apply access based on security zones; interfaces are bound to security zones.
  • You can change the default action to block all traffic, depending on the rules you created in the ACP.
  • Security over connectivity enables a larger number of inspection rules compared to connectivity over security; depending on your network architecture you can enable either.
  • Monitor will not block the traffic; it will monitor and generate the alerts, and you can see the results in Analysis > Intrusion Events.
  • Balanced Security and Connectivity with Firepower recommendations.
  • Choosing the base policy is based upon network criticality and customer requirements.
  • If you have a TAMC/TAM license you can configure maximum detection.
  • You can allow traffic country-wise, and you can get the details from the report.
  • Select a category in Applications and you will get a list of all applications belonging to the category you selected; click "All apps matching the filter" to choose all applications.

HTH

Abheesh
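As an added illustration of the zone, Monitor and default-action points in the reply (not code from the thread or from Cisco), here is a simplified model of how a Firepower access-control policy evaluates a flow: rules match on security zones rather than interfaces, a Monitor rule logs the flow and evaluation continues to later rules, and the policy's default action decides anything no rule matched. The rule names, zones and networks are constructed for the example.

```python
"""Constructed, simplified model of Firepower ACP evaluation (not Cisco code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    action: str                                   # "allow", "block" or "monitor"
    src_zones: set = field(default_factory=set)   # empty = any source zone
    dst_zones: set = field(default_factory=set)   # empty = any destination zone
    src_nets: list = field(default_factory=list)  # empty = any source address

    def matches(self, src_zone, dst_zone, src_ip):
        """Match on security zones and (optionally) source network."""
        if self.src_zones and src_zone not in self.src_zones:
            return False
        if self.dst_zones and dst_zone not in self.dst_zones:
            return False
        if self.src_nets and not any(
                ip_address(src_ip) in ip_network(n) for n in self.src_nets):
            return False
        return True


def evaluate(rules, default_action, src_zone, dst_zone, src_ip):
    """Return (final action, names of Monitor rules that logged the flow)."""
    monitored = []
    for rule in rules:
        if not rule.matches(src_zone, dst_zone, src_ip):
            continue
        if rule.action == "monitor":
            monitored.append(rule.name)  # Monitor logs, never blocks, keeps going
            continue
        return rule.action, monitored    # first allow/block rule decides
    return default_action, monitored     # nothing matched: policy default action


# Constructed policy: log everything from the outside zone, allow inside to
# outside, and block private (RFC 1918) source addresses arriving on outside.
ACP = [
    Rule("watch-outside", "monitor", src_zones={"outside"}),
    Rule("inside-to-internet", "allow", src_zones={"inside"}, dst_zones={"outside"}),
    Rule("private-src-from-outside", "block", src_zones={"outside"},
         src_nets=["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
]

if __name__ == "__main__":
    print(evaluate(ACP, "block", "inside", "outside", "192.168.1.10"))
    print(evaluate(ACP, "block", "outside", "inside", "10.9.9.9"))
    print(evaluate(ACP, "block", "outside", "inside", "203.0.113.5"))
```

Change the `default_action` argument to see that a flow matching only the Monitor rule is decided by the policy default, which is why the reply says the default action can be set to block all.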
