Associating Other Policies with Access Control
The easiest way to associate the major policy's to an access control policy is by clicking the policy's link in the packet flow shown at the topic of the access control policy. You can quickly select the associated policy. Alternatively, you can use the policy's advanced settings to associate the policy, as described in this topic. These policies include the following:
-
Prefilter policy—Performs early traffic handling using limited network (layer 4) outer-header criteria.
-
Decryption policy—Monitors, decrypts, blocks, or allows application layer protocol traffic encrypted with Secure Socket Layer (SSL) or Transport Layer Security (TLS).
CautionSnort 2 only. Adding or removing an SSL policy restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior for more information.
-
Identity policy—Performs user identification based on the realm and authentication method associated with the traffic.
Before you begin
Before associating an SSL policy with an access control policy, review the information about TLS server identity discovery in Access Control Policy Advanced Settings.
Procedure
Step 1 | In the access control policy editor, select Advanced Settings from the More drop-down arrow at the end of the packet flow line. |
Step 2 | Click Edit () in the appropriate Policy Settings area. If View () appears instead, settings are inherited from an ancestor policy, or you do not have permission to modify the settings. If the configuration is unlocked, uncheck Inherit from base policy to enable editing. |
Step 3 | Choose a policy from the drop-down list. If you choose a user-created policy, you can click edit that appears to edit the policy. |
Step 4 | Click OK. |
Step 5 | Click Save to save the access control policy. |
What to do next
-
Deploy configuration changes.