Associating other policies with access control

Use an access control policy's advanced settings to associate one of each of the following subpolicies with the access control policy:

  • Prefilter policy—Performs early traffic handling using limited network (layer 4) outer-header criteria.

  • SSL policy—Monitors, decrypts, blocks, or allows application layer protocol traffic encrypted with Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

    Caution

    Snort 2 only. Adding or removing a decryption policy restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the assigned device handles traffic. See Snort Restart Traffic Behavior for more information.

  • Identity policy—Performs user identification based on the realm and authentication method associated with the traffic.

Before you begin

Before associating a decryption policy with an access control policy, review the information about TLS server identity discovery in Access control policy advanced settings.

Procedure


Step 1

In the access control policy editor, click the Advanced tab.

Step 2

Click Edit (edit icon) in the appropriate policy settings area.

If View (View button) appears instead, settings are inherited from an ancestor policy, or you do not have permission to modify the settings. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 3

Choose a policy from the drop-down list.

If you choose a user-created policy, you can click the edit icon that appears to edit the policy.

Step 4

Click OK.

Step 5

Click Save to save the access control policy.


What to do next

  • Deploy configuration changes.