Specify a Policy to Handle Packets That Pass Before Traffic Identification

Note

This setting is sometimes referred to as the default intrusion policy. (This is distinct from the default action for an access control policy.)

Before you begin

Review best practices for these settings. See Best Practices for Handling Packets That Pass Before Traffic Identification.

Procedure

Step 1

In the access control policy editor, click Advanced, then click Edit (edit icon) next to the Network Analysis and Intrusion Policies section.

If View (View button) appears instead, settings are inherited from an ancestor policy, or you do not have permission to modify the settings. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 2

Select an intrusion policy from the Intrusion Policy used before Access Control rule is determined drop-down list.

If you choose a user-created policy, you can click Edit (edit icon) to edit the policy in a new window. You cannot edit system-provided policies.

Step 3

Optionally, select a different variable set from the Intrusion Policy Variable Set drop-down list. You can also select Edit (edit icon) next to the variable set to create and edit variable sets. If you do not change the variable set, the system uses a default set.

Step 4

Click OK.

Step 5

Click Save to save the policy.

What to do next

  • Deploy configuration changes.