tastetama.blogg.se - Access control entry is corrupt

In a DNS policy, you can also constrain DNs based on network or VLAN.Ī Security Intelligence feed is a dynamic collection of IP addresses, URLs, or domain names that the Firepower Management Center downloads from an HTTP or HTTPS server at the interval you configure. You can constrain these by security zone. Global, Descendant, and Domain-specific lists apply to any zone, and you can disable them on a per-policy basis.įinally, you can build custom whitelists and blacklists for IP addresses, URLs, or domain names, using:

You can view the contents of domain-specific lists for ancestor domains, and edit the contents of the domain-specific list for your domain. In subdomains, domain-specific lists represent items whitelisted or blacklisted in or for the named domain.

Domain-specific whitelists and blacklists.

From an ancestor domain, you cannot view the contents of descendant lists. Descendant lists can also contain items added for lower-level domains by higher-level domain administrators. In ancestor domains, descendant lists represent items whitelisted or blacklisted in subdomains. In a multidomain deployment, access control policies can also use: Similarly, DNS policies use the Global DNS whitelist and blacklist. If you are not sure whether you want to blacklist a particular IP address or URL, a monitor-only setting allows the system to handle a connection using access control, but also logs the connection’s match to the blacklist.īy default, access control policies use Global whitelists and blacklists for IP addresses and URLs. You can also add IP addresses, URLs, and domain names to a whitelist to force the system to handle their connections using access control. This is especially useful if you want to blacklist - deny traffic to and from - specific IP addresses or URLs, before the traffic is analyzed by access control rules.

You configure Security Intelligence in access control policies, separate from access control rules. The Security Intelligence feature allows you to specify the traffic that can traverse your network based on the source or destination IP address, domain name, or URL. The most info I've found on it is in the FMC self help, not in the 2400+ page FMC User Guide. We can add a feed configuration and they add/remove domains as needed. I want to do a custom URL feed that our security group maintains its member URL domains on and keep us out of the blocked domain membership management business. Our URL objects list has exploded and I don't quite think that this product was developed with managing a huge list of blocked domains in mind. Our security group is constantly coming up with domain names to be blocked and we're likely in the hundreds (thousand+ likely within the next 12 months) and there is no way this will stop. Has anyone implemented successfully or unsuccessfully the custom feed feature in FMC 6.1.0 (or later)? The feed list creation is in Object Management, URL Lists and Feeds.