Custom IPS Policy in an FDM-Managed Access Control Rule

You cannot have more than one instance of the same custom IPS policy associated with a single device.

Note

Associating an IPS policy with an access control rule means that passing traffic is submitted to deep packet inspection. The only supported rule action for an access control rule with an IPS policy is Allow.

Use the following procedure to associate a custom IPS policy with an FDM-managed device:

Procedure
Step 1

Create a custom IPS policy. See Create a Custom IPS Policy for more information.

Step 2

From the Cisco Defense Orchestrator Navigation pane, select Policies. Click FTD / Meraki / AWS Policies.

Step 3

Scroll or filter through the list of FDM-managed device policies and select the policy you want to associate with a custom IPS policy.

Step 4

Click the blue plus button.

Step 5

In the Order field, select the position for the rule within the policy. Network traffic is evaluated against the list of rules in numerical order, 1 to "last."

Step 6

Enter the rule name. You can use alphanumeric characters, spaces, and these special characters: + . _ -

Step 7

Select the Intrusion Policy tab. Expand the drop-down menu to see all the available intrusion policies and select the desired custom IPS policy.

Step 8

Define the traffic matching criteria by using any combination of attributes in the remaining tabs: Source/Destination, URLs, Applications, and File Policy.

Step 9

(Optional) Click the Logging tab to enable logging and collect the connection events reported by the access control rule.

Step 10

Click Save.

Step 11

Review and deploy the changes you made now, or wait and deploy multiple changes at once.
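As an added illustration, not Cisco's code or the CDO API, the following pre-deployment check models a proposed rule list as plain dictionaries and flags the constraints this procedure states: the numeric rule order must run 1 to last, rule names may only use alphanumerics, spaces and + . _ -, a rule carrying an intrusion policy must use the Allow action, and the same custom IPS policy must not be attached twice on one device. The field names name, order, action and intrusion_policy are assumptions for this model.

```python
import re

# Allowed rule-name characters per Step 6: alphanumerics, spaces, and + . _ -
RULE_NAME_RE = re.compile(r"^[A-Za-z0-9 +._-]+$")


def validate_rules(rules):
    """Return a list of problems in a proposed access control rule list.

    `rules` is a constructed model (list of dicts with the assumed keys
    name/order/action/intrusion_policy), not the CDO data format.
    """
    problems = []
    seen_ips = set()          # custom IPS policies already used on this device
    expected_order = 1        # Step 5: rules are evaluated 1 to "last"
    for rule in rules:
        name = rule.get("name", "")
        if not RULE_NAME_RE.match(name):
            problems.append(f"{name!r}: name contains disallowed characters")
        if rule.get("order") != expected_order:
            problems.append(
                f"{name!r}: order {rule.get('order')} out of sequence "
                f"(expected {expected_order})")
        expected_order += 1
        ips = rule.get("intrusion_policy")
        if ips is not None:
            # Deep packet inspection is only supported with the Allow action
            if rule.get("action") != "Allow":
                problems.append(
                    f"{name!r}: IPS policy requires action Allow, "
                    f"got {rule.get('action')!r}")
            # Only one instance of a custom IPS policy per device
            if ips in seen_ips:
                problems.append(
                    f"{name!r}: custom IPS policy {ips!r} already used on this device")
            seen_ips.add(ips)
    return problems


# Constructed sample: a valid rule followed by two that break the constraints
SAMPLE_RULES = [
    {"name": "web-inspect", "order": 1, "action": "Allow", "intrusion_policy": "custom-web"},
    {"name": "bad/name", "order": 2, "action": "Block", "intrusion_policy": "custom-dmz"},
    {"name": "dup-ips", "order": 3, "action": "Allow", "intrusion_policy": "custom-web"},
]

if __name__ == "__main__":
    for problem in validate_rules(SAMPLE_RULES):
        print(problem)
```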