Managing Intrusion Policies

On the Intrusion Policy page (Policies > Access Control > Intrusion) you can view your current custom intrusion policies, along with the following information:

the time and date the policy was last modified (in local time) and the user who modified it
whether the Drop when Inline setting is enabled, which allows you to drop and modify traffic in an inline deployment. An inline deployment could be configurations that are deployed to devices using routed, switched, or transparent interfaces, or inline interface pairs.
which access control policies and devices are using the intrusion policy to inspect traffic
whether a policy has unsaved changes, as well as information about who (if anyone) is currently editing the policy

Procedure

Step 1

Choose Policies > Access Control > Intrusion.

Step 2

Manage your intrusion policy:

Compare—Click Compare Policies; see Comparing policies.
Create — Click Create Policy; see:
- Creating a Custom Snort 2 Intrusion Policy for Snort 2 policies.
- Creating a Custom Snort 3 Intrusion Policy topic in the latest version of the Cisco Secure Firewall Management Center Snort 3 Configuration Guide for Snort 3 policies.
Delete — Click Delete () next to the policy you want to delete. The system prompts you to confirm and informs you if another user has unsaved changes in the policy. Click OK to confirm.

If the controls are dimmed, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.
Edit — Choose:
- Snort 2 Version; see Editing Snort 2 Intrusion Policies.
- Snort 3 Version; see Editing Snort 3 Intrusion Policies topic in the latest version of the Cisco Secure Firewall Management Center Snort 3 Configuration Guide.
If View () appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.
Export — If you want to export an intrusion policy to import on another Secure Firewall Management Center, click YouTube EDU (); see Exporting Configurations.
Deploy—Choose Deploy > Deployment; see Deploy Configuration Changes.
Report—Click Report () ; see Generate Current Policy Reports.