Create or Edit an FDM-Managed Access Control Policy
Use this procedure to edit an FDM-managed access control policy using Cisco Security Cloud Control:
Procedure
Step 1 | In the left pane, click . | ||
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. | ||
Step 3 | Click the FTD tab and whose access control whose policy you want to edit. | ||
Step 4 | In the Management pane at the right, select Policy. | ||
Step 5 | Do any of the following:
When editing or adding a rule, continue with the remaining steps in this procedure. | ||
Step 6 | In the Order field, select the position for the rule within the policy. Network traffic is evaluated against the list of rules in numerical order, 1 to "last." Rules are applied on a first-match basis, so you must ensure that rules with highly specific traffic matching criteria appear above policies that have more general criteria that would otherwise apply to the matching traffic. The default is to add the rule to the end of the list. If you want to change a rule's location later, edit this option. | ||
Step 7 | Enter the rule name. You can use alphanumeric characters, spaces, and these special characters: + . _ - | ||
Step 8 | Select the action to apply if the network traffic is matched by the rule:
| ||
Step 9 | Define the traffic matching criteria by using any combination of attributes in the following tabs:
| ||
Step 10 | (Optional, for rules with the Allow action) Click the Intrusion Policy tab to assign an intrusion inspection policy to inspect traffic for intrusions and exploits. See Intrusion Policy Settings in an FDM Access Control Rule.
| ||
Step 11 | (Optional, for rules with the Allow action) Click the File Policy tab to assign a file policy that inspects traffic for files that contain malware and for files that should be blocked. See File Policy Settings in an FDM Access Control Rule.
| ||
Step 12 | (Optional) Click the logging tab to enable logging and collect connection events reported by the access control rule. See Logging Settings in an FDM Access Control Rule for more information on logging settings. If you subscribe to Cisco Security Analytics and Logging, you can configure connection events in Security Cloud Control and send them to the Secure Event Connector (SEC) by configuring a syslog object with the SEC's IP address and port. See Cisco Security Analytics and Logging for more information about this feature. You would create one syslog object for every SEC that you have onboarded to your tenant, but you would only send events generated by one rule, to one syslog object, representing one SEC. | ||
Step 13 | Click Save. You are now done configuring a specific rule in the security policy. | ||
Step 14 | You can now configure the Default Action for the security policy as a whole. The Default Action defines what happens if network traffic does not match any of the rules in the access control policy, intrusion policy, or file/malware policy. | ||
Step 15 | Click the Default Action for the policy. | ||
Step 16 | Configure an intrusion policy as you did in step 9, above. | ||
Step 17 | Configure logging connection events generated by the Default Action. If you subscribe to Cisco Security Analytics and Logging, you can send events generated by the default action to a Secure Event Connector (SEC) by configuring a syslog object with the SEC's IP address and port. See Cisco Security Analytics and Logging for more information about this feature. You would create one syslog object for every SEC that you have onboarded to your tenant, but you would only send events generated by rule to one syslog object, representing one SEC. | ||
Step 18 | (Optional) For any rule that you created, you can select it and add a comment about it in the Add Comments field. To learn more about rule comments see, Adding Comments to Rules in FTD Policies and Rulesets. | ||
Step 19 | Review and deploy now the changes you made, or wait and deploy multiple changes at once. |