Cisco FMC Access Policies and Rules

Access Control Policies can be accessed under Policies -> Access Control -> Access Control.

Under the ACPs, there are a few categories:

  • Prefilter Policy – An ACL check that runs before the ACP evaluation. This allows or denies traffic without deep packet inspection, which may improve performance
  • SSL Policy – This tells the ACP how to handle encrypted traffic. This may decrypt traffic for inspection, block encrypted traffic, or allow encrypted traffic
  • Identity Policy – Used along with Realms to associate traffic with users

Access Control Rules

The default action determines how to handle unmatched traffic, that is, traffic that matches none of the access rules. The default action may be a system policy, a policy inherited from a parent, or a custom Intrusion policy.
Default system actions include:

  • Block all traffic – Block without further inspection. This is the traditional ACL approach. Only allow through traffic that is explicitly permitted
  • Trust All Traffic – Allow without further inspection
  • Intrusion Prevention – Forward traffic to an Intrusion Policy for further inspection
  • Network Discovery – Used for discovering users and hosts only. Does not block traffic

Access Control Rule Configuration

When adding a new rule, there are seven (7) action options to choose from. The list below walks through them one by one.

  • Allow – Allows traffic. There may yet be more inspections, such as Intrusion and File policies
  • Trust – Sends traffic straight to the egress interface, without any extra inspections. Identity policies and rate limiting still apply
  • Monitor – Logs traffic, and continues to the rest of the rules
  • Block – Drops traffic silently, causing the connection to time out
  • Block with reset – Drops traffic, and sends a TCP FIN, so the connection closes rather than times out
  • Interactive Block – Displays a web page with conditions that users may accept. This is where the Interactive Block Response Page comes into play
  • Interactive Block with Reset – Combination of interactive block, with a TCP FIN
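The actions above differ mainly in how much inspection traffic still receives, so a rule review usually looks for Trust rules, Allow rules with no Intrusion or File policy attached, and a Trust All default action. The sketch below is an added example, not code from FMC or from this page; the JSON layout, field names and rule names are constructed assumptions, not the FMC export format.

```python
import json

# Constructed sample policy; layout and field names are assumptions
# made for this example, not the FMC export format.
POLICY_JSON = """
{
  "name": "Branch-ACP",
  "defaultAction": "TRUST_ALL",
  "rules": [
    {"name": "log-dns",     "action": "MONITOR", "enabled": true},
    {"name": "backup-vlan", "action": "TRUST",   "enabled": true},
    {"name": "web-out",     "action": "ALLOW",   "enabled": true,
     "intrusionPolicy": "Balanced", "filePolicy": "Malware-Block"},
    {"name": "partner-vpn", "action": "ALLOW",   "enabled": true},
    {"name": "old-ftp",     "action": "TRUST",   "enabled": false},
    {"name": "deny-telnet", "action": "BLOCK_RESET", "enabled": true}
  ]
}
"""

def audit_policy(policy):
    """Return (rule_name, finding) pairs for inspection gaps."""
    findings = []
    for rule in policy["rules"]:
        if not rule.get("enabled", True):
            continue  # disabled rules never match traffic
        action = rule["action"]
        if action == "TRUST":
            # Trust goes straight to egress: no Intrusion or File policy.
            findings.append((rule["name"], "trusted without inspection"))
        elif action == "ALLOW":
            # Allow is only inspected by the policies attached to the rule.
            missing = [k for k in ("intrusionPolicy", "filePolicy")
                       if not rule.get(k)]
            if missing:
                findings.append(
                    (rule["name"], "allowed without " + ", ".join(missing)))
    # Traffic that matches no rule falls through to the default action.
    if policy["defaultAction"] == "TRUST_ALL":
        findings.append(("<default action>",
                         "unmatched traffic trusted without inspection"))
    return findings

def load_and_audit(text=POLICY_JSON):
    return audit_policy(json.loads(text))

if __name__ == "__main__":
    for name, finding in load_and_audit():
        print(f"{name}: {finding}")
```

Monitor and Block rules are not flagged: Monitor only logs and continues to the next rule, and Block rules pass no traffic.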

How to enable MFA in Dokuwiki

Recently, I had to create a Wiki site. So, considering all the features, my selection was Dokuwiki. Before the go-live, I had to secure the Wiki site. My primary concern was MFA (Multi-Factor Authentication). I faced some issues while configuring the MFA. So, I thought of sharing this with you. Let’s see how we can enable MFA.

Make sure to select “Mandatory” so that no one can bypass the MFA

  • Then, you need to enable the Google Auth. plugin as below

  • Finally, you may verify the MFA by running the Enrollment wizard and logging in again

As you can see, I cannot log in to the system without providing the configured MFA.