Use a service policy to create a timeout configuration that is specific to a particular TCP application, as opposed to one […] A service policy consists of multiple actions or rules applied to an interface or applied […]

- About Firepower Threat Defense Service Policies
- Requirements and Prerequisites for Service Policies
- Guidelines and Limitations for Service Policies
- Configure Firepower Threat Defense Service Policies
- History for Firepower Threat Defense Service Policy

About Firepower Threat Defense Service Policies

You can use Firepower Threat Defense Service Policies to apply services to specific traffic classes. You are not limited to applying the same services to all connections that enter the device or a given interface.

A traffic class is a combination of the interface and an extended access control list (ACL). Any “denied” traffic in the ACL simply does not have the service applied to it: these connections are not actually dropped. You can use IP addresses and TCP/UDP ports to identify matching connections as precisely […]

Interface-based rules: If you specify a security zone or interface group in a service policy rule, the rule applies to the ACL “allowed” traffic that goes through any interface that is part of the interface objects.

For a given feature, interface-based rules applied to the ingress interface always take precedence over global rules: if an ingress interface-based rule applies to a connection, any matching global rule is ignored. […] rule applies, then an interface service rule on the egress interface is applied.
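A small Python model of the rule selection described above, added here as an illustration and not taken from Cisco's documentation or the FTD implementation. The class names, sample rules and service labels are constructed; first-match ACL evaluation, and the egress rule applying only when no ingress or global rule matches, are assumptions, since the page's sentence on the egress case is cut off.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Ace:                 # one extended-ACL entry (hypothetical model type)
    action: str            # "allow" or "deny"
    proto: str             # "tcp" or "udp"
    dst: str               # destination network, CIDR
    port: int              # destination port

@dataclass(frozen=True)
class ServiceRule:
    name: str
    interfaces: frozenset  # empty set means a global rule
    acl: tuple             # ordered Ace entries (assumed first match wins)
    service: str           # constructed label for the applied service

@dataclass(frozen=True)
class Conn:
    ingress: str
    egress: str
    proto: str
    dst: str
    port: int

def acl_allows(acl, conn):
    """True only if the first ACE matching the connection is an allow entry."""
    for ace in acl:
        if (ace.proto == conn.proto and ace.port == conn.port
                and ip_address(conn.dst) in ip_network(ace.dst)):
            return ace.action == "allow"   # deny: no service, not a drop
    return False                           # outside the traffic class

def select_rule(rules, conn):
    """Return the rule whose service applies, or None (traffic still flows)."""
    def first(scope):
        return next((r for r in rules if scope(r) and acl_allows(r.acl, conn)), None)
    return (first(lambda r: conn.ingress in r.interfaces)     # ingress rule wins
            or first(lambda r: not r.interfaces)              # then global rule
            or first(lambda r: conn.egress in r.interfaces))  # assumed fallback

# Constructed sample policy; names, networks and service labels are illustrative.
RULES = [
    ServiceRule("global-ssh", frozenset(),
                (Ace("allow", "tcp", "0.0.0.0/0", 22),), "tcp-idle-1h"),
    ServiceRule("inside-ssh", frozenset({"inside"}),
                (Ace("deny", "tcp", "10.9.0.0/16", 22),
                 Ace("allow", "tcp", "10.0.0.0/8", 22)), "tcp-idle-10m"),
    ServiceRule("dmz-dns", frozenset({"dmz"}),
                (Ace("allow", "udp", "0.0.0.0/0", 53),), "udp-idle-30s"),
]
```

A `None` result means only that no service is applied; in this model, as on the page, a deny entry never drops the connection.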