Pre-Filter Policy on Firepower Threat Defense

Pre-Filter Policy is a new, useful feature supported on Firepower Threat Defense. It is the first phase of access control, evaluated before the FTD performs intensive inspection, and it is used to bypass or block traffic that does not require further inspection by the access control policy.

A pre-filter policy contains rules that match only L3 and L4 information, such as IP addresses and ports. There is no deep packet inspection in a pre-filter policy. We can compare pre-filter rules to an ACL on the ASA.

One of the reasons to use this is to quickly allow or deny traffic without further inspection. For example, suppose you do not allow FTP traffic. You could create a pre-filter rule that blocks TCP port 21. The traffic is then never passed to the Snort engine and never checked against a malware policy; it is blocked without consuming inspection resources on the FTD.

We also want to allow SSH traffic for administrators without further inspection. This traffic can be put on the fast-path. The fast-path allows traffic while bypassing deeper inspection. You could add this to the pre-filter policy with an action of Fastpath to save resources.
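To make the decision flow concrete, here is a small Python model of a pre-filter policy, written for this post as an illustration; it is not Cisco code and does not use the FMC API. It models rules that see only the L3/L4 tuple, evaluates them first-match, and reports how much traffic is blocked, fast-pathed, or handed on to the access control policy and Snort. The administrator subnet (10.0.0.0/24), the rule names and the sample flows are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """A connection's L3/L4 tuple: everything a pre-filter rule can see."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class PrefilterRule:
    name: str
    action: str                   # "block", "fastpath" or "analyze"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    src_net: str = "0.0.0.0/0"    # source prefix; default is any source

    def matches(self, flow: Flow) -> bool:
        # No payload or application awareness here: only protocol, port, prefix.
        if self.proto is not None and flow.proto != self.proto:
            return False
        if self.dport is not None and flow.dport != self.dport:
            return False
        return ip_address(flow.src) in ip_network(self.src_net)


def prefilter(policy, flow):
    """First-match evaluation. Returns (action, rule name). Flows that match
    no rule get 'analyze': they continue to the access control policy and
    Snort, which is where the inspection cost is paid."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "analyze", "default"


def inspection_report(policy, flows):
    """Count flows per verdict; the 'analyze' bucket is the traffic that
    will actually consume Snort resources, 'fastpath' is what bypasses it."""
    report = {"block": 0, "fastpath": 0, "analyze": 0}
    for flow in flows:
        action, _ = prefilter(policy, flow)
        report[action] += 1
    return report


# Constructed policy mirroring the two cases in the text.
ADMIN_NET = "10.0.0.0/24"   # assumed administrator subnet (constructed)
POLICY = [
    PrefilterRule("block-ftp", "block", proto="tcp", dport=21),
    PrefilterRule("fastpath-admin-ssh", "fastpath",
                  proto="tcp", dport=22, src_net=ADMIN_NET),
]

# A misordered policy: a broad fastpath rule placed before the FTP block.
# Because evaluation is first-match, the block rule can never fire.
MISORDERED_POLICY = [
    PrefilterRule("fastpath-all-tcp", "fastpath", proto="tcp"),
    PrefilterRule("block-ftp", "block", proto="tcp", dport=21),
]

# Constructed sample flows using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", "tcp", 21),       # FTP from inside
    Flow("198.51.100.7", "192.0.2.10", "tcp", 21),   # FTP from elsewhere
    Flow("10.0.0.5", "192.0.2.10", "tcp", 22),       # SSH from admin subnet
    Flow("198.51.100.7", "192.0.2.10", "tcp", 22),   # SSH from a non-admin host
    Flow("198.51.100.7", "192.0.2.10", "tcp", 443),  # HTTPS: no rule matches
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        action, rule = prefilter(POLICY, flow)
        print(f"{flow.src:>14} -> {flow.dst}:{flow.dport}/{flow.proto}  "
              f"{action:<8} ({rule})")
    print(inspection_report(POLICY, SAMPLE_FLOWS))
    print(inspection_report(MISORDERED_POLICY, SAMPLE_FLOWS))
```

Two things the model makes visible: SSH from outside the administrator subnet still goes to Snort, because the fast-path rule is scoped by source prefix, and a broad Fastpath rule placed above a Block rule silently defeats the block. Reviewing the "fastpath" bucket in the report is the check worth doing after every policy change, since that traffic receives no IPS or malware inspection at all.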

Pre-filter policy is not supported on ASA with FirePOWER Services; there we use an ACL with a DENY action instead.

Published by:

Redouane MEDDANE

Redouane MEDDANE is a Cisco Instructor, CCSI #35458, 3xCCNP Collaboration, Security and Enterprise, and he is a published author of some of the most important OSPF Protocol, Security and Collaboration books in the world, titled OSPF Demystified With RFC, Network Security All-in-one, and Dial Plan and Call Routing Demystified on CUCM. He is also a blogger at ipdemystify.com and writes articles about collaboration and security to demystify the most complex topics. His books are known for their technical depth and accuracy, especially the OSPF Demystified With RFC book, which is considered the best OSPF book in the world and was named "One of the best OSPF ebooks of all time" by BookAuthority. It gives you a hint at his ability to explain complex topics with remarkable ease. He worked as a Cisco Instructor and consultant in different Cisco Learning Partners and was awarded twice the Cisco Distinguished Instructor Award and the Cisco Security Instructor Excellence Award in 2018 and 2019, and the Cisco Collaboration Instructor Excellence Award in 2020. The Distinguished Instructor Award recognizes the top 5% of Cisco's most influential CCSIs who provide the highest quality training experience and demonstrate the best overall instructor performance across multiple Cisco technologies, and the Instructor Excellence Award recognizes the top 25% of elite CCSIs recognized for delivering top quality training and maintaining high customer satisfaction in their field of expertise.
