• Cisco Security Cloud Control Management: Cloud-Delivered Firewall Management Center
  • Onboard Devices to Cloud-Delivered Firewall Management Center
  • System Settings
  • Optimize Firewall Performance with AIOps
  • Health and Monitoring
  • Tools
  • Reporting and Alerting
  • Event and Asset Analysis Tools
  • Events and Assets
  • High Availability and Scalability
  • Interfaces and Device Settings
  • Routing
  • Network Policies
  • Secure Connections
  • Zero Trust Network Access
  • Access Control Policy Basics
  • Decryption Policies and Encrypted Visibility for Access Control
  • Identity Policies for Access Control
  • Advanced Policies and Settings for Access Control
    • Prefilter Policies
    • DNS Policies for Security Intelligence
    • File Policies for Network Malware Protection
    • Dynamic Attributes Connector
    • Advanced Settings for Access Control
      • Requirements and prerequisites for advanced settings
      • Configuring advanced settings for the access control policy
        • General settings
        • TLS server identity discovery
        • Intelligent application bypass
        • Transport/network layer preprocessor settings
        • Detection enhancement settings
          • Adaptive profile updates
          • Adaptive profile updates and recommended rules
        • Performance settings
        • Latency-Based Performance Settings
    • Service Policies
    • Threat Detection
    • Elephant Flow Detection
    • Policy Analyzer and Optimizer
  • Custom Intrusion Policies for Access Control
  • Network Discovery
  • Objects and Certificates
  • Reference

Adaptive profile updates and recommended rules

The adaptive profile updates feature is an advanced setting in an access control policy that applies globally to all intrusion policies invoked by that access control policy. The Cisco recommended rules feature applies to the individual intrusion policy where you configure it.

Like recommended rules, profile updates compare metadata in a rule to host information to determine whether a rule should apply for a particular host. However, while recommended rules provide recommendations for enabling or disabling rules using that information, profile updates use the information to apply specific rules to specific traffic.

Recommended rules require your interaction to implement suggested changes to rule states. Profile updates, on the other hand, do not modify intrusion policies. Treatment of rules based on profile updates happens on a packet-by-packet basis.

Additionally, recommended rules can result in enabling disabled rules. Profile updates, in contrast, only affect the application of rules that are already enabled in intrusion policies. Profile updates never change the rule state.

You can use profile updates and recommended rules in combination. Profile updates use the rule state for a rule when your intrusion policy is deployed to determine whether to include it as a candidate for applying, and your choices to accept or decline recommendations are reflected in that rule state. You can use both features to ensure that you have enabled or disabled the most appropriate rules for each network you monitor, and then to apply enabled rules most efficiently for specific traffic.

Copyright © 2026, Cisco Systems, Inc. All rights reserved.