DC-FW
Data-center-FW
Modified By admin
Last Modified 2021-08-23 07:22:54 (UTC)
Table of Contents
Policy Information
Device Targets
Security Intelligence
  DNS Policy
  Network Whitelist
  URL Whitelist
  Network Blacklist
  URL Blacklist
Default Action
Rules
  Mandatory Rules
    PACS
  Default Rules
Advanced Settings
  General Settings
  Network Analysis and Intrusion Policies
  Files and Malware Settings
  Transport/Network Layer Preprocessor Settings
  Detection Enhancement Settings
  Performance Settings
  Latency-Based Performance Settings
  Identity Policy Settings
  SSL Policy Settings
  Prefilter Policy Settings
  Intelligent Application Bypass
  Threat Defense Service Policy
Logging Policy
  Default Syslog Settings
Referenced Objects
  Object Groups
  Variable Sets
  SNMP Alert
  Security Intelligence
    Network Lists and Feeds
    URL Lists and Feeds
  Networks
  Ports
Policy Information
Name DC-FW
Description Data-center-FW
Domain Global
Modified By admin
Last Modified 2021-08-23 07:22:54 (UTC)
Device Targets
Device DC
Security Intelligence
DNS Policy
Network Whitelist
Zone any
Global Whitelist
URL Whitelist
Zone any
Global Whitelist for URL
Network Blacklist
Zone any
Global Blacklist
Action Block
Log Connections Yes
Send Events to Defense Center Yes
URL Blacklist
Zone any
Global Blacklist for URL
Action Block
Log Connections Yes
Send Events to Defense Center Yes
Default Action
Default Action Access Control: Block All Traffic
Variable Set
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Rules
Mandatory Rules
PACS
1:RADIOLOGY (2)
Action Allow
Source Zones to-FW-NET, Old_Network, vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks voip-controller
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters Psiphon, GoDaddy, HTTPS, Mitel, RTCP, RTP, RTP Video, SIP, SSL
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
2:RADIOLOGY
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones vlan-3003, Old_Network
Source Tunnels any
Source Networks 172.16.118.244
Original Client Networks any
Destination Networks 172.16.0.0, ASUH-Staff, 192.168.30.0
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters PJL, ACR-NEMA
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
3:pacs to rad
Action Allow
Source Zones Old_Network
Destination Zones vlan-3003
Source Tunnels any
Source Networks 172.16.118.244
Original Client Networks any
Destination Networks 192.168.30.252, 10.200.31.1-253
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports TCP (6):4006, UDP (17):161, TCP (6):515, TCP (6):104
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
4:CD-PACS
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 172.16.118.46, 172.16.118.191
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters HTTP Tunnel, HTTP, HTTPS
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
5:systems to pacs
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 172.16.118.244
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters ACR-NEMA
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
6:Ris_to_non_domian
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.114.123, 192.168.30.47, 10.200.31.185, 192.168.30.0
Original Client Networks any
Destination Networks RIS
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters HTTP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy FW-DC-IPS
Variable Set Default-Set
File Policy
Comments
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports TCP (6):104
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
10:allow admins
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones Vlan100, Vlan420
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users Group:asuh/Domain Admins
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
11:hector
Action Allow
Source Zones vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks 10.200.20.1
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
12:allow 37
Action Allow
Source Zones Old_Network
Destination Zones Vlan100
Source Tunnels any
Source Networks 172.16.113.37
Original Client Networks any
Destination Networks 10.100.10.200
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters HTTP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Maximum Detection
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
13:Internet fw ise
Action Allow
Source Zones to-FW-NET
Destination Zones Vlan420
Source Tunnels any
Source Networks FTD-internet-inside, FMC-FDT
Original Client Networks any
Destination Networks ISE, DNS
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Connectivity Over Security
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
14:allow101 (1)
Action Allow
Source Zones ASU-net
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 172.16.118.101
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters HTTP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Maximum Detection
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
15:dicom-notification
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 192.168.12.0/24, ASUH-Staff, 172.16.0.0, 192.168.30.0
Original Client Networks any
Destination Networks 172.16.118.191
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports TCP (6):49000, TCP (6):49001-49008
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
16:LABS-230
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.118.230, 172.16.118.101, 172.16.118.253, 172.16.0.0/16, 192.168.15.0/24, 192.168.0.0/16, 10.0.0.0, central
Original Client Networks any
Destination Networks 172.16.114.200, 172.16.118.253, 172.16.118.230, 172.16.118.14
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters NetBIOS-ssn (SMB), TNS/Oracle
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
17:shared-ip-based
Action Allow
Source Zones vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks 10.200.15.40
Original Client Networks any
Destination Networks 172.16.118.37
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters NetBIOS-ssn (SMB)
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
18:temp
Action Allow
Source Zones Old_Network
Destination Zones to-FW-NET
Source Tunnels any
Source Networks 172.16.118.253, asuh_pacs
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
19:anton_rdp
Action Allow
Source Zones Old_Network
Destination Zones Old_Network, vlan-3003
Source Tunnels any
Source Networks 172.16.112.128/25
Original Client Networks any
Destination Networks 172.16.118.250, 172.16.118.200
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users User:asuh/anton
Application Filters RDP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
20:RDP_LABS
Action Allow
Source Zones Old_Network
Destination Zones Old_Network, vlan-3003
Source Tunnels any
Source Networks 172.18.2.200
Original Client Networks any
Destination Networks 172.16.118.40, 172.16.118.230, 172.16.118.101, 172.16.118.253, 172.16.114.200, 192.168.15.0/24, ASUH-Staff, 192.168.30.0
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users User:asuh/abdo
Application Filters RDP
Source Ports any
Destination Ports All:10101, All:10040, All:10230, All:3389
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
21:pacs_rdp
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 172.16.118.246, 172.16.118.241, 172.16.118.243, 172.16.118.125, asuh_pacs
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users User:asuh/remorad,asuh/remorad3
Application Filters ICMP, HTTP, HTTPS, RDP, TeamViewer, VMware Server Console, VMware vCenter client
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Comments
22:asu-servers-allow (1)
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.185.160, 10.200.2.38, 192.168.30.27, 10.200.15.40, 10.200.2.237
Original Client Networks any
Destination Networks 172.16.118.40, 172.16.118.200
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters NetBIOS-ssn (SMB), MS SQL
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy FW-DC-IPS
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
23:allow mc-sql
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.112.240, 10.200.13.13
Original Client Networks any
Destination Networks 172.16.118.40, 172.16.118.200, 172.16.118.250
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters RDP, MS SQL
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy FW-DC-IPS
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
24:asu-servers-allow
Action Allow
Source Zones vlan-3003, Old_Network, ASU-net
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.91.0/22, 172.16.185.0/24, ASUH-Staff, central, 192.168.0.0, 172.16.116.0, 172.16.117.0, 172.16.119.0, 172.16.112.0
Original Client Networks any
Destination Networks 172.16.118.200, 172.16.118.40
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users Relam:asuh/*
Application Filters MS SQL
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy FW-DC-IPS
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
25:ittest
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones any
Source Tunnels any
Source Networks 10.200.16.5, 10.200.17.1, 10.200.2.81, IT
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
26:ash3a vpn
Action Allow
Source Zones to-FW-NET
Destination Zones Old_Network
Source Tunnels any
Source Networks VPN-pools
Original Client Networks any
Destination Networks asuh_pacs
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports HTTP
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
28:VPN Users
Action Allow
Source Zones to-FW-NET
Destination Zones any
Source Tunnels any
Source Networks VPN-pools
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
30:asuh_guest (1)
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 172.16.118.200, 172.16.118.107, 172.16.118.40, 172.16.118.250
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users User:asuh/kareem.m,asuh/a.khaled,asuh/h.tarek,asuh/anton,asuh/ahmed
Application Filters ACR-NEMA, HTTP, HTTP/2, MS SQL, NetBIOS-ssn (SMB)
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
31:mgmt to internet
Action Allow
Source Zones Vlan420, Vlan100, Vlan-60, vlan-3002, Vlan421, vlan-3005, DNA_Cluster
Destination Zones any
Source Tunnels any
Source Networks 172.16.118.106, 172.16.118.117, 172.16.118.170, 10.20.10.0-24, IT, 10.100.10.0-24, Edge_Switches, 10.22.10.0-24, Access_point, 10.60.0.0-24, 10.20.40.0-24
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection Yes
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Send Events to SNMP yes, using DNAC
Comments
32:ASU-net
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones ASU-net
Source Tunnels any
Source Networks ASUH-Staff, OLD-CORE
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
33:RADIOLOGY (4)
Action Allow
Source Zones voip-dmz
Destination Zones to-FW-NET
Source Tunnels any
Source Networks voip-wan
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
34:block ip
Action Block
Source Zones Old_Network, Vlan100
Destination Zones to-FW-NET
Source Tunnels any
Source Networks 10.100.10.109, 172.16.118.0
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
35:DNS to all1
Action Allow
Source Zones Old_Network, vlan-3003, vlan-3002, vlan-3005, Vlan421, DNA_Cluster, vlan-3004, vlan-3006, vlan-3001
Destination Zones Vlan100, Vlan-60, Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks DNS, DHCP, additional, NTP, dhcp-test
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters kpasswd, AD DRS, CLDAP, DHCP, DHCP Failover, DHCP Failover 2, DNS, LDAP, LDAPS, LSARPC, Microsoft Global Catalog, NTP, NetBIOS-ssn (SMB), Netlog, Netlogon
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Comments
36:DNS
Action Allow
Source Zones Old_Network, vlan-3003, vlan-3002, vlan-3005, Vlan421, DNA_Cluster, vlan-3001, vlan-3004, vlan-3006
Destination Zones Vlan100, Vlan-60, Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks DNS, DHCP, NTP, dhcp-test
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters AD DRS, CLDAP, DHCP, DHCP Failover, DHCP Failover 2, DNS, LDAP, LDAPS, LSARPC, Microsoft Global Catalog, NTP, NetBIOS-ssn (SMB), Netlog, Netlogon, kpasswd
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
37:DNS to all
Action Allow
Source Zones Old_Network, vlan-3001, vlan-3003, vlan-3002, vlan-3004, vlan-3005, vlan-3006, Vlan421, DNA_Cluster
Destination Zones Vlan100, Vlan-60
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks DNS, DHCP, NTP, dhcp-test
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports kerberos, dhcp, DNS_over_TCP, ldap_udp, Netlogon, smb, DNS_over_UDP, ebmap_udp, NTP-TCP, AD_DRS, NTP-UDP, cldap, LDAP, ebmap_tcp
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
central
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy FW-DC-IPS
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Send Events to SNMP yes, using DNAC
Comments
39:URL ALLOW
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones any
Source Tunnels any
Source Networks ASUH-Staff, 172.16.0.0
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs http://82.129.243.44:7001/emoh100
http://41.33.78.210:7001/emoh100
http://192.168.41.16:7001/emoh100
http://81.129.243.41:7001/emoh100
http://41.33.78.208:7001/emoh100
http://192.168.41.25:7001/emoh100
http://41.33.78.209:7001/emoh100
http://192.168.41.28:7001/emoh100
http://82.129.243.42:7001/emoh100
http://www.smcegy.com
http://www.wl.smcegy.com
http://www.wlmssmcegy.com
http://www.100milionseha.eg
http://81.21.105.234
http://193.227.20.76
http://62.68.238.83
https://login.yahoo.com
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
40:all to ise(disable)
Action Allow
Source Zones Old_Network, vlan-3001, vlan-3003, vlan-3002, vlan-3004, vlan-3005, vlan-3006, Vlan421, DNA_Cluster
Destination Zones Vlan420
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks ISE
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
42:old-network to internetcont
Action Allow
Source Zones Old_Network
Destination Zones to-FW-NET
Source Tunnels any
Source Networks 192.168.12.0/24, 192.168.18.0/24, 192.168.14.14, 172.16.0.0, central, 192.168.30.0, voip-controller, grage_2, asuh-internet, research, 192.168.17.47, 192.168.17.7, eng-ehab, grage_server, 192.168.31.0
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Comments
43:user to internet
Action Allow
Source Zones vlan-3001, vlan-3003
Destination Zones to-FW-NET
Source Tunnels any
Source Networks ASUH-Staff
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Send Events to SNMP yes, using DNAC
Comments
44:old-network_to_edges
Action Allow
Source Zones Old_Network
Destination Zones vlan-3003
Source Tunnels any
Source Networks 10.30.0.0/16, 172.16.118.0, IT, central
Original Client Networks any
Destination Networks ASUH-Staff
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
45:LAB&DVR_zone
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones Old_Network, vlan-3003
Source Tunnels any
Source Networks 172.16.112.0/24, 172.16.115.95, 172.16.114.42, 172.16.115.26, 172.16.115.236, 172.16.115.0/24, ASUH-Staff, SURGERY-old
Original Client Networks any
Destination Networks 172.16.114.200, 192.168.74.100, 172.16.115.95, SURGERY-old, ASUH-Staff
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
46:old-network to servers(disable)
Action Allow
Source Zones Old_Network
Destination Zones Vlan100
Source Tunnels any
Source Networks 192.168.60.0/24
Original Client Networks any
Destination Networks 10.100.10.0-24
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
47:icmp_radiology(disable)
Action Allow
Source Zones vlan-3003, Old_Network
Destination Zones vlan-3003, Old_Network
Source Tunnels any
Source Networks 172.16.114.200, 172.16.118.0, 10.200.31.1-253
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters ICMP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
49:DNAC-SNMP1(disable)
Action Allow
Source Zones any
Destination Zones any
Source Tunnels any
Source Networks 10.20.10.0-24, 10.22.10.0-24
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports UDP (17):161
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection Yes
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
54:psiphon
Action Allow
Source Zones Old_Network, vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters Psiphon
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy
Variable Set Default-Set
File Policy
Comments
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection No
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
56:http access-servers
Action Allow
Source Zones Old_Network, vlan-3003, ASU-net
Destination Zones Old_Network
Source Tunnels any
Source Networks 192.168.0.0/16, 172.16.0.0/16, ASUH-Staff, central
Original Client Networks any
Destination Networks 172.16.118.230, 172.16.118.250, 172.16.118.204
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters HTTP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Balanced Security and Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
57:radiology-ping
Action Allow
Source Zones Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 192.168.30.80, 172.16.118.253, 172.16.118.244
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters ICMP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
58:allow_temp_253
Action Allow
Source Zones Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.118.253
Original Client Networks any
Destination Networks 172.16.114.200
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters ICMP
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy
Log at Beginning of Connection Yes
Log at End of Connection No
Log File Events No
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
59:bio_gast
Action Allow
Source Zones Old_Network
Destination Zones Old_Network
Source Tunnels any
Source Networks 172.16.114.0/24
Original Client Networks any
Destination Networks any
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports All:4370
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Connectivity Over Security
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
60:DNAC-SNMP2 (1)(disable)
Action Allow
Source Zones any
Destination Zones any
Source Tunnels any
Source Networks any
Original Client Networks any
Destination Networks 10.20.10.0-24, 10.22.10.0-24
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports UDP (17):161
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW_DC-malware
Log at Beginning of Connection Yes
Log at End of Connection Yes
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
61:Allow 150
Action Allow
Source Zones vlan-3003
Destination Zones Old_Network
Source Tunnels any
Source Networks 10.200.31.11
Original Client Networks any
Destination Networks 150.0.0.0/16
Safe Search Disable
Youtube EDU Disable
VLAN Tags any
Users any
Application Filters any
Source Ports any
Destination Ports any
Source ISE Metadata any
Destination ISE Metadata any
Security Group Tag any
Time Range
URLs any
Intrusion Policy Security Over Connectivity
Variable Set Default-Set
File Policy FW-NET-malware
Log at Beginning of Connection No
Log at End of Connection No
Log File Events Yes
Send Events to Defense Center Yes
Send using specific syslog alert No
Comments
Default Rules
Advanced Settings
General Settings
Detection Enhancement Settings
Performance Settings
No Data
Threat Defense Service Policy
Logging Policy
Default Syslog Settings
Referenced Objects
Object Groups
asuh_pacs 172.16.118.50, 172.16.118.244, 172.16.118.191, 172.16.118.204, 172.16.118.203, 172.16.118.19, 172.16.118.84, 172.16.118.53, 172.16.118.54, 172.16.118.46
any 0.0.0.0/0, ::/0
dhcp DHCP-67, DHCP-68
FTD FTD-4100-chasis, FTD-DC, FTD-net, FMC
DNA-Group 10.20.10.249, 10.22.10.249, 10.22.10.250
Variable Sets
Default-Set
SSH_PORTS (Port) 22
AIM_SERVERS (Network)
64.12.31.136/32,205.188.210.203/32,64.12.46.140/32,64.12.24.0/23,
205.188.5.0/24,205.188.179.0/24,205.188.11.254/32,205.188.248.0/24,
205.188.11.228/32,205.188.11.253/32,205.188.153.0/24,
205.188.1.132/32,205.188.3.0/24,64.12.161.0/24,
64.12.163.0/24,205.188.9.0/24,205.188.7.0/24,64.12.200.0/24,
64.12.186.85/32,64.12.28.0/23,
FTP_PORTS (Port) 21,2100,3535,
HTTP_PORTS (Port)
8300,8040,36099,2231,90,6767,1801,443,10255,8983,1720,49153,9850,
9091,40007,14592,5250,9002,3037,84,8014,8088,33300,5555,
53331,10080,8015,89,9830,9788,7080,8000,1581,7071,9080,
9200,8020,4592,7145,5060,3443,8028,5117,8181,9201,8118,
17000,81,5054,1414,8484,666,86,55555,11371,311,8880,1158,
2869,13014,44449,6080,808,50002,8082,7777,8500,55252,
5222,34444,4000,82,3507,8888,7144,2301,10100,9447,3000,5601,
9000,7778,9443,8694,2381,2375,3702,8393,23472,50000,
801,2578,8333,8080,1220,7001,8344,5000,9710,1533,8443,5416,
555,2809,5814,8222,1942,10443,1812,8180,9060,80,5894,
50452,12601,10297,383,9999,29991,8090,34412,16000,8280,30007,
1212,1741,8400,1830,7181,901,5450,5984,8085,7180,49152,
18081,8800,2484,87,3128,7770,6988,8001,1194,631,8008,
8123,8243,1422,5443,6173,5061,4343,8161,8899,593,15672,
10250,88,56712,7005,8182,15489,83,8081,8095,5600,7510,41080,
818,30018,34443,8509,7000,19980,51423,3029,972,4848,
8787,7070,85,36,9290,10000,9111,3057,1719,8060,591,2980,
7779,9090,8852,9700,
HTTP_SERVERS (Network) $HOME_NET
HOME_NET (Network) any
ORACLE_PORTS (Port) any
SHELLCODE_PORTS (Port) !80
FILE_DATA_PORTS (Port) 143,110,$HTTP_PORTS,
USER_CONF (Advanced) any
SSH_SERVERS (Network) $HOME_NET
SIP_PORTS (Port) 5600,5061,5060,
SQL_SERVERS (Network) $HOME_NET
GTP_PORTS (Port) 3386,2123,2152,
SNMP_SERVERS (Network) $HOME_NET
HTTP_Ports (Port) 443
TELNET_SERVERS (Network) $HOME_NET
SIP_SERVERS (Network) $HOME_NET
DNS_SERVERS (Network) $HOME_NET
SMTP_SERVERS (Network) $HOME_NET
EXTERNAL_NET (Network) any
SNMP Alert
DNAC
User Name
SNMP Version 2
Server 10.22.10.250
Community tesseract-traps
Auth Protocol None
Priv Protocol None
Engine
Security Intelligence
Network Lists and Feeds
Networks
voip-controller 172.18.17.240
172.16.0.0 172.16.0.0/16
ASUH-Staff 10.200.0.0/19
192.168.30.0 192.168.30.0/24
10.200.31.1-253 10.200.31.1-10.200.31.253
RIS 172.16.118.50
FTD-internet-inside 10.20.30.2
FMC-FDT 10.60.0.0/29
ISE 10.20.10.40
DNS 10.100.10.200
10.0.0.0 10.0.0.0/8
central 172.18.0.0/20
192.168.0.0 192.168.0.0/16
172.16.116.0 172.16.116.0/22
172.16.117.0 172.16.117.0/24
172.16.119.0 172.16.119.0/24
172.16.112.0 172.16.112.0/22
IT 192.168.19.0/24
VPN-pools 10.250.248.0/22
Edge_Switches 10.10.0.0/16
10.20.10.0-24 10.20.10.0/24
10.100.10.0-24 10.100.10.0/24
printers_radiology 192.168.13.0/24
radiology 10.200.31.1-10.200.31.253
150.2.0.0-16 150.2.0.0/16
10.200.1.1-99 10.200.1.1-10.200.1.99
10.22.10.0-24 10.22.10.0/24
Access_point 10.50.0.0/21
10.60.0.0-24 10.60.0.0/24
10.20.40.0-24 10.20.40.0/24
OLD-CORE 172.16.112.0-172.16.119.254
voip-wan 172.30.1.1
172.16.118.0 172.16.118.0/24
DHCP 10.100.10.100
additional 172.16.118.170
NTP 10.60.0.100
dhcp-test 172.16.118.23
grage_2 192.168.17.200
asuh-internet 172.18.69.0/25
research 192.168.60.0/24
192.168.17.47 192.168.17.47
192.168.17.7 192.168.17.7
eng-ehab 192.168.17.6
grage_server 192.168.17.100
192.168.31.0 192.168.31.0/24
SURGERY-old 172.16.113.0/24
vlan403 192.168.4.0/24
cardiology 172.16.185.0/24
172.16.120-24 172.16.120.0/24
FTD-4100-chasis 10.60.0.2
FTD-DC 10.60.0.3
FTD-net 10.60.0.4
FMC 10.60.0.1
10.20.10.249 10.20.10.249
10.22.10.249 10.22.10.249
10.22.10.250 10.22.10.250
Ports