Policy Deployment
So far, you have configured various parts of an intrusion detection and prevention system. They do not begin acting on live traffic until and unless you bring together all the policy components and deploy them on the threat defense. An access control policy acts as the central place for invoking all other security settings and policies, such as network analysis policies and intrusion policies. Let’s work on an access control policy now.
Step 1. Navigate to Policies > Access Control > Access Control. The available access control policies appear. You can modify one of the existing policies or click New Policy to create a new one.
Step 2. When the access control policy editor opens, go to the Advanced tab. Modify the Network Analysis and Intrusion Policies section (see Figure 15-29). Here, you can select an intrusion policy that can process network traffic before an access control rule is determined for the traffic. You can also select a network analysis policy and a variable set to use by the intrusion policy.
Figure 15-29 Invoking Policies Before an Access Control Rule Is Determined
Step 3. For any traffic that does not match any access control rule, you can select a system-provided or custom intrusion policy as the default action, as shown in Figure 15-30.
Figure 15-30 Default Intrusion Policy for Traffic That Does Not Match Any Access Control Rules
Step 4. You can also set an inspection policy per access control rule. When you are adding or editing an access control rule, go to the Inspection tab and use the drop-down to select an intrusion policy and variable set for the matching traffic. Figure 15-31 shows the selection of an intrusion policy and a variable set within an access control rule. When a packet matches the condition of this access control rule, it is subject to the intrusion inspection based on this intrusion policy and variable set.
Figure 15-31 Intrusion Policy for Traffic That Matches an Access Control Rule
Step 5. After you invoke all the desired policies in your access control policy, click the Save button to store the configurations locally.
Step 6. Finally, go to Deploy > Deployment to deploy the policy to your threat defense.
Policy Deployment – Cisco Network Analysis and Intrusion Policies
•
Leave a Reply