


Cisco Defense Orchestrator

Configuring Access Policy Settings

These settings apply to the access policy as a whole, rather than to specific rules within the policy. 

  1. Open the Devices & Services page.
  2. Select the FTD device whose access control policy you want to edit. 
  3. In the Management pane at the right, select Policy.
  4. Click the settings button and configure these settings:

    TLS Server Identity Discovery—TLS 1.3 certificates are encrypted. For traffic encrypted with TLS 1.3 to match access rules that use application or URL filtering, the system must decrypt the TLS 1.3 certificate. We recommend that you enable this option to ensure encrypted connections are matched to the right access control rule. The setting decrypts the certificate only; the connection remains encrypted. Enabling this option is sufficient to decrypt TLS 1.3 certificates; you do not need to create a corresponding SSL decryption rule. Available for FTD devices running software version 6.7 or later. 

    Reputation Enforcement on DNS Traffic—Enable this option to apply your URL filtering category and reputation rules to DNS lookup requests. If the fully-qualified domain name (FQDN) in the lookup request has a category and reputation that you are blocking, the system blocks the DNS reply. Because the user does not receive a DNS resolution, the user cannot complete the connection. Use this option to apply URL category and reputation filtering to non-web traffic. For more information, see DNS Request Filtering. Available for FTD devices running software version 7.0 and later. 

  5. Click Save.
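
Why the TLS Server Identity Discovery setting matters, as an added illustration (not Cisco code and not a description of how FTD is implemented): the parser below lists the handshake messages a passive observer can read in plaintext from a TLS 1.2 and a TLS 1.3 server flight. The byte strings, function names, and placeholder message bodies are constructed for this example, and each handshake message is assumed to fit in one record.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, APPLICATION_DATA = 22, 20, 23
SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE = 2, 11, 14  # handshake message types

def record(content_type, payload, version=0x0303):
    """Build one TLS record: type (1) | legacy version (2) | length (2) | payload."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def handshake(msg_type, body):
    """Build one handshake message: type (1) | length (3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def plaintext_handshake_types(stream):
    """Return the handshake message types readable without any keys."""
    seen, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            break  # everything after this point is encrypted
        if ctype != HANDSHAKE:
            continue  # opaque to an observer
        off = 0
        while off + 4 <= len(payload):
            seen.append(payload[off])
            off += 4 + int.from_bytes(payload[off + 1 : off + 4], "big")
    return seen

def certificate_visible(stream):
    """True when the server Certificate message appears in plaintext."""
    return CERTIFICATE in plaintext_handshake_types(stream)

# Constructed server flights; bodies are placeholder bytes, not real handshake data.
TLS12_FLIGHT = record(HANDSHAKE, handshake(SERVER_HELLO, b"\x00" * 40)
                      + handshake(CERTIFICATE, b"\x00" * 60)
                      + handshake(SERVER_HELLO_DONE, b""))
# In TLS 1.3 the Certificate travels inside encrypted records typed application_data.
TLS13_FLIGHT = (record(HANDSHAKE, handshake(SERVER_HELLO, b"\x00" * 40))
                + record(CHANGE_CIPHER_SPEC, b"\x01")
                + record(APPLICATION_DATA, b"\xaa" * 90))

if __name__ == "__main__":
    print("TLS 1.2 certificate visible:", certificate_visible(TLS12_FLIGHT))
    print("TLS 1.3 certificate visible:", certificate_visible(TLS13_FLIGHT))
```

In the TLS 1.3 flight only the ServerHello is readable, so rules that match on server identity have no certificate to work with unless the option above is enabled.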

