Is is possible to have ACC assign different APP RISK based on the zone?

cancel
Showing results for 
Search instead for 
Did you mean: 

Is is possible to have ACC assign different APP RISK based on the zone?

I would like to be able to assign a different RISK rating on the same app, say RDP.

If RDP is seen on the management zone I would rate that as a RISK 2, however if seen on the Internal zone I would rate that as RISK 5.  Does anyone know a way to do this short of having different firewalls for each zone?

3 REPLIES 3

Cyber Elite
Cyber Elite

You could create a custom applicaiton for RDP traffic for one of those zones and then utilize an applicaiton override policy for labeling all rdp traffic from the internal zone as the new 'rdp-risk5' application. It's admitably a pretty 'hack' way of doing things, but it'll work for what you are trying to do. 

Cyber Elite
Cyber Elite

Hello,

Yes you adjust the 'risk' value to something other than default. Go to Objects->Applications, then click on the name of the application. When the popup opens, there is a 'Customize' option next to the default Risk value.

 

Hope this helps.

Cyber Elite
Cyber Elite

you want to hit 2 birds with one stone, you could split everyday traffic from management segment by splitting up the two into 2 separate VSYS

in each vsys you can perfectly assign different risk factors to the same application and you get to physically treat the connections differently as they flow through a separate vsys (no risk of accidental overflow)

Tom Piens
PANgurus
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!