ASA Firepower Intrusion Policy Setup

QUARK TARO
Level 1


I have to SFR setup on 5525-X with firesight appliance.

The default network discovery mode works fine; I can see the Analysis -> connection events.
Now I want to switch to IPS inline mode by creating an IPS policy called My_Policy as below:


Under Policy -> intrusion policy - create new (base policy: Initial Inline Policy)

Now apply the policy by 

Policies -> Access Control -> Default Network Discovery -> Edit
Here I see Admin Rules, Std rules, Root rules empty.

Default Action -> Intrusion Prevention: My_Policy

Log at the End of the connection
Send connection events to Defense Center -> Apply.

I have also defined

Objects -> Variable Set

Home_net (to reflect all local subnets)

external_net (exclude Home_net)

----------------------------------------
Now when I access Access Control, the policy still remains as Network Discovery Control. It should change to My_Policy, right?

Why is it that Admin Rules, Std rules, Root rules are empty? Do I need to define them separately?


Aastha Bhardwaj
Cisco Employee

Hi,

After clicking Apply, did you deploy it? The Deploy button is in the top right-hand corner.

Regards,

Aastha Bhardwaj

At the very top there is "Save & Apply". This is done.

I do not see a Deploy option anywhere.

Hi,

Sorry, but what's the version on Defense Center? Once you apply it, can you check if it says Completed in the Task status?

Regards,

Aastha Bhardwaj

Version is 3.4, updated recently. With the earlier Cisco IPS on ASA, I could apply the default IPS policies; is it not the case with SFR?