So I've just had an FTD cluster dumped on me to set up an IPS policy. I'm usually a Checkpoint guy and this is the first time I'm using FTD/FMC.
The FTDs are already set up and have an Access Control Policy in place. Not doing SSL inspection.
As far as I can tell, I need to enable inspection on a per-ACP-rule basis. There are already a few hundred rules in the rulebase; is there a simple way to do this? Or am I going to have to go through each rule and enable it?
Or is there the concept of a default inspection policy (as with Checkpoint IPS) whereby all traffic matched by the access policy will be inspected as well? I've seen that you can set the default *action* to inspect, but that appears to only be matched if you don't match any preceding access rule.
The cluster is managed by FMC 6.2 if that makes any difference.