Synchronize Snort 2 Rules with Snort 3
To ensure that the Snort 2 version settings and custom rules are retained and carried over to Snort 3, the management center provides the synchronization functionality. Synchronization helps Snort 2 rule override settings and custom rules, which you may have altered and added over the last few months or years, to be replicated on the Snort 3 version. This utility helps to synchronize Snort 2 version policy configuration with Snort 3 version to start with similar coverage.
Note | Snort 2 is not supported on threat defense Version 7.7. For information on Snort 2 features that are supported in versions earlier than 7.7, refer to the management center guide that matches your threat defense version. |
If the management center is upgraded from 6.7 or earlier to 7.0 or later version, the system synchronizes the configuration. If the management center is a fresh 7.0 or later version, you can upgrade to a higher version, and the system will not synchronize any content during upgrade.
Before upgrading a device to Snort 3, if changes are made in Snort 2 version, you can use this utility to have the latest synchronization from Snort 2 version to Snort 3 version so that you start with a similar coverage.
Note | On moving to Snort 3, it is recommended that you manage the Snort 3 version of the policy independently and do not use this utility as a regular operation. |
Important |
|
Procedure
Step 1 | Choose . | ||
Step 2 | Ensure the Intrusion Policies tab is selected. | ||
Step 3 | Click Show Snort 3 Sync status. | ||
Step 4 | Identify the intrusion policy that is out-of-sync. | ||
Step 5 | Click the Sync icon Snort out-of-Sync (
| ||
Step 6 | Read through the summary and download a copy of the summary if required. | ||
Step 7 | Click Re-Sync.
|
What to do next
Deploy configuration changes; see Deploy Configuration Changes.