
Cisco Firepower 1010 Getting Started page 34


Configuring Security Policies
Changes are not active on the device until you deploy them. See Deploying Your Changes, on page 35.

What to do next
Click Policies in the main menu and configure the security policy for the system. You can also click Objects to configure the objects needed in those policies.

Configuring Security Policies
Use the security policies to implement your organization's acceptable use policy and to protect your network from intrusions and other threats.

Procedure
Step 1
Click Policies.
The Security Policies page shows the general flow of a connection through the system, and the order in which security policies are applied.
Step 2
Click the name of a policy and configure it.
You might not need to configure each policy type, although you must always have an access control policy.
Following is a summary of the policies:
• SSL Decryption—If you want to inspect encrypted connections (such as HTTPS) for intrusions, malware, and so forth, you must decrypt the connections. Use the SSL decryption policy to determine which connections need to be decrypted. The system re-encrypts the connection after inspecting it. See Configuring SSL Decryption Policies.
• Identity—If you want to correlate network activity to individual users, or control network access based on user or user group membership, use the identity policy to determine the user associated with a given source IP address. See Configuring Identity Policies.
• Security Intelligence—Use the Security Intelligence policy to quickly drop connections from or to selected IP addresses or URLs. By blocking known bad sites, you do not need to account for them in your access control policy. Cisco provides regularly updated feeds of known bad addresses and URLs so that the Security Intelligence block lists update dynamically. Using feeds, you do not need to edit the policy to add or remove items in the block lists. See Configuring Security Intelligence.
• NAT (Network Address Translation)—Use the NAT policy to convert internal IP addresses to externally routeable addresses. See Configure NAT.
• Access Control—Use the access control policy to determine which connections are allowed on the network. You can filter by security zone, IP address, protocol, port, application, URL, user or user group. You also apply intrusion and file (malware) policies using access control rules. Use this policy to implement URL filtering. See Configuring the Access Control Policy.
• Intrusion—Use the intrusion policies to inspect for known threats. Although you apply intrusion policies using access control rules, you can edit the intrusion policies to selectively enable or disable specific intrusion rules. See Intrusion Policies.
