Monday, March 8, 2021

Firepower / FMC Hierarchical Policies

Hi All,

Diving back into Firepower (not my choice of platform, unfortunately); I have been spinning up some new ACPs to unify a couple of our DCs policy-wise as part of a device upgrade.

Looking at creating a shared ACP with a couple of sub-ACPs to allow for DC-specific rules, for ease of management going forward.

  • Shared ACP (Global)
    • DC 1 ACP (inherit Shared ACP)
    • DC 2 ACP (inherit Shared ACP)

A couple of questions:

  • Organization - does anyone have any examples of how best to organize categories within the Mandatory/Default sections? (Ideally I would like to set the categories on the shared policy, but they don't replicate down into editable groups on the child policies.)
  • IPS policy overrides - each DC has its own IPS policy. I can't see a way to create ACP rules on the shared policy with the IPS policy being overridden for each child policy (i.e. the IPS policy is set in the shared ACP and then IPS policy A and B are set on each set of devices)?

There seems to be a lack of material covering the inheritance aspects, and I don't want to re-invent the wheel before carving it up.
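As an added illustration (not part of the original post, and not FMC code): the piece of hierarchical-policy behaviour that answers the IPS question is the evaluation order. For a child ACP, FMC evaluates the base policy's Mandatory rules first, then the child's own rules, then the base policy's Default rules. A rule placed in the shared policy's Mandatory section therefore can never be shadowed by a child, but a rule in the shared policy's Default section can be shadowed by a child rule that matches the same traffic and carries the DC-specific intrusion policy. The model below simulates that ordering with a constructed rule set; the policy and rule names (Shared-ACP, DC1-ACP, DC1-IPS and so on) are invented for the example, and matching is reduced to a destination port to keep the model small.

```python
"""Toy model of FMC hierarchical access control policy (ACP) rule ordering.

This is an added example, not Cisco code. It only models the documented
evaluation order for inherited policies:
  base Mandatory -> child Mandatory -> child Default -> base Default
(recursively for deeper chains) and uses a single destination port as the
match condition instead of a full 5-tuple plus zones/users/applications.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    dst_port: Optional[int]           # None matches any port (catch-all rule)
    action: str                       # "allow" or "block"
    ips_policy: Optional[str] = None  # intrusion policy applied to allowed traffic


@dataclass
class AccessPolicy:
    name: str
    mandatory: List[Rule] = field(default_factory=list)
    default: List[Rule] = field(default_factory=list)
    base: Optional["AccessPolicy"] = None  # parent policy, None for the top-level ACP


def _chains(policy: AccessPolicy) -> Tuple[List[Rule], List[Rule]]:
    """Return (mandatory_chain, default_chain) for the whole inheritance chain.

    Ancestors' Mandatory rules are prepended (top-most ancestor first);
    ancestors' Default rules are appended (nearest ancestor first).
    """
    if policy.base is None:
        return list(policy.mandatory), list(policy.default)
    base_mandatory, base_default = _chains(policy.base)
    return base_mandatory + list(policy.mandatory), list(policy.default) + base_default


def effective_rules(policy: AccessPolicy) -> List[Rule]:
    """Flatten a child ACP into the order the device actually evaluates."""
    mandatory, default = _chains(policy)
    return mandatory + default


def first_match(policy: AccessPolicy, dst_port: int) -> Optional[Rule]:
    """First-match semantics: the first rule in effective order that hits wins."""
    for rule in effective_rules(policy):
        if rule.dst_port is None or rule.dst_port == dst_port:
            return rule
    return None


# --- constructed sample hierarchy (names are invented for this example) ---
shared = AccessPolicy(
    "Shared-ACP",
    mandatory=[Rule("block-telnet", 23, "block")],          # cannot be overridden below
    default=[Rule("allow-web-shared", 443, "allow", "Shared-IPS"),
             Rule("default-block", None, "block")],
)

# DC1 overrides the shared web rule with its own intrusion policy.
dc1 = AccessPolicy("DC1-ACP", base=shared,
                   mandatory=[Rule("allow-web-dc1", 443, "allow", "DC1-IPS")])

# DC2 tries (and fails) to override a rule that lives in the shared Mandatory section.
dc2 = AccessPolicy("DC2-ACP", base=shared,
                   mandatory=[Rule("allow-telnet-dc2", 23, "allow", "DC2-IPS")])


def effective_order(policy: AccessPolicy) -> List[str]:
    return [r.name for r in effective_rules(policy)]


if __name__ == "__main__":
    for p in (dc1, dc2):
        print(p.name, "evaluation order:", effective_order(p))
        for port in (443, 23):
            hit = first_match(p, port)
            print(f"  port {port}: {hit.name} -> {hit.action} ips={hit.ips_policy}")
```

The practical reading for the question above: a shared rule whose intrusion policy must differ per DC belongs in the shared policy's Default section (or only in the children), with a matching child rule carrying the DC's IPS policy; anything placed in the shared Mandatory section is final for every child.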


