Skip to main content

 

 

Cisco Defense Orchestrator

Making Exceptions to the Firepower Security Intelligence Policy Blocked Lists

For each blocked list you create in a Firepower security intelligence policy, you can create an associated allowed list. The only purpose of the allowed list is to make an exception for IP addresses or URLs that appear in the blocked list. That is, if you find an address or URL you need to use, and you know to be safe, is in a feed configured on the blocked list, you can exempt that address or URL by putting in the allowed list. This way, you don't need to remove an entire feed from the blocked list for the sake of one address or URL.

After passing through the security intelligence policy, allowed traffic is subsequently evaluated by the access control policy. The ultimate decision on whether the connections are allowed or dropped is based on the access control rule the connections match. The access rule also determines whether intrusion or malware inspection is applied to the connection.