exceptions for device level IPS and malware protection on ASA-CX

Unanswered Question
Aug 28th, 2014

I am using device level IPS and malware protection on my V9.2.1.2 ASA-CX box at the device level. I have run into a few sites that have low reputation and trigger a block but that I need to access. Since device level protection applies to all access policies, where could I create a reputation/malware exception? Do I have to disable this protection at the device level and move it into policies so I can exclude these sites by adding them to policies that do not have malware protection turned on?



Overall Rating: 5 (1 ratings)
tan-thien.ngo Tue, 11/04/2014 - 09:48

Hi Diego,


I have the same issue. I tried to add a new policy without any reputation profile and with a more permissive profile but it seems it doesn't override the device level policy.

Have you been able to find a solution?





DIEGO ALONSO Tue, 11/04/2014 - 10:35

Negative.  I ended up removing the device level profiles.  Then I created policies without IPS/malware profiles that matched the problem web sites.  I then had to add my IPS and malware profiles to all remaining policies.  Very inefficient but it worked for me.




