1. shaktavist
    August 15, 2019 @ 3:08 am

    Nice, I have been doing this slightly differently by creating a custom IPS policy with the new IPS rule and then applying this new IPS policy to an access rule. Like you point out, the number of changes can become difficult to track, and depending on changes made in the future you could have to track back on the custom changes.


    • Todd Lammle
      August 15, 2019 @ 8:23 am

      Yes, that is the other way to do it, but now you have to tune two IPS policies. That may be okay if you have the time to do it!


2. shahrukh aziz
    October 15, 2019 @ 12:02 pm

    In a scenario with 5506-x/5508-x running in ASA+FPR module (paired with FMC), with ACLs configured on the ASA and redirect-list configured to send “ip any any” to the SFR module, would it be easier to just add a deny line on the redirect ACL for the source IP which is to be exempted from IPS inspection?


    • Todd Lammle
      October 15, 2019 @ 12:55 pm

      Yes, that is correct. You’d just add an ACL in your SFR service policy.
      Thank you for posting!

