Associating Other Policies with Access Control
Use an access control policy's advanced settings to associate one of each of the following subpolicies with the access control policy:
- SSL policy—Monitors, decrypts, blocks, or allows application layer protocol traffic encrypted with Secure Socket Layer (SSL) or Transport Layer Security (TLS).
  Caution: Snort 2 only. Adding or removing an SSL policy restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior for more information.
- Identity policy—Performs user authentication based on the realm and authentication method associated with the traffic.
- Prefilter policy—Performs early traffic handling using limited network (layer 4) outer-header criteria.
Before you begin
Before associating an SSL policy with an access control policy, review the information about TLS server identity discovery in Access Control Policy Advanced Settings.
Procedure
Step 1 | In the access control policy editor, click the Advanced tab. |
Step 2 | Click Edit in the appropriate Policy Settings area. If View appears instead, settings are inherited from an ancestor policy, or you do not have permission to modify the settings. If the configuration is unlocked, uncheck Inherit from base policy to enable editing. |
Step 3 | Choose a policy from the drop-down list. If you choose a user-created policy, you can click the Edit icon that appears to edit the policy. |
Step 4 | Click OK. |
Step 5 | Click Save to save the access control policy. |
What to do next
- Deploy configuration changes; see Deploy Configuration Changes.