Cisco Support Community
New Member

exceptions for device level IPS and malware protection on ASA-CX

I am using device level IPS and malware protection on my V9.2.1.2 ASA-CX box at the device level.  I have run into a few sites that have low reputation and trigger a block but that I need to access.  Since device level protection applies to all access policies, where could I create a reputation/malware exception?  Do I have to disable this protection at the device level and move it into policies so I can exclude these sites by adding them to policies that do not have malware protection turned on?

Thanks,

Diego

2 REPLIES
New Member

Hi Diego,

I have the same issue. I tried to add a new policy without any reputation profile and with a more permissive profile but it seems it doesn't override the device level policy.

Have you been able to find a solution?

Thx

Tan

New Member

Negative.  I ended up removing the device level profiles.  Then I created policies without IPS/malware profiles that matched the problem web sites.  I then had to add my IPS and malware profiles to all remaining policies.  Very inefficient but it worked for me.

Rgds,

Diego
