https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978291#M148638 <P>Hi,</P> <P></P> <P>I have implemented Firepower Intrusion detection on my ASA 5525-X, and how a question: One of the rules blocks traffic between 2 hosts, but I do not want this traffic to be blocked between these hosts. I want the rule to be active, but how can I prevent the rule to block traffic between these 2 hosts, while blocking traffic for other hosts that are hit by the rule?</P> <P></P> <P>Br,</P> <P>Thor-Egil</P> Tue, 12 Mar 2019 08:31:22 GMT cisco 2019-03-12T08:31:22Z https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978291#M148638 <P>Hi,</P> <P></P> <P>I have implemented Firepower Intrusion detection on my ASA 5525-X, and how a question: One of the rules blocks traffic between 2 hosts, but I do not want this traffic to be blocked between these hosts. I want the rule to be active, but how can I prevent the rule to block traffic between these 2 hosts, while blocking traffic for other hosts that are hit by the rule?</P> <P></P> <P>Br,</P> <P>Thor-Egil</P> Tue, 12 Mar 2019 08:31:22 GMT https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978291#M148638 cisco 2019-03-12T08:31:22Z https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978292#M148639 <P>Hello, this can be achived by implementing Access control rule for those two hosts. Let's assume, you need to disable IPS Policy for traffic between 192.168.1.5 and 172.16.1.5. Inseret the new access rule above the rule with IPS policy configured. Choose the "trust" action for new rule. See the attach.</P> <P></P> <P>Alternatively, if you don't want to disable IPS between two hosts completely, you can create a new IPS policy with the signature which blocks traffic between two hosts currently setted to disabled state. After that create the new access rule as in the first example but with action "Allow", and implement a new IPS policy with disabled signature.</P> Fri, 11 Nov 2016 12:01:17 GMT https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978292#M148639 Boris Uskov 2016-11-11T12:01:17Z https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978293#M148640 <P>Thanks, your first solution will work for me.</P> <P></P> <P>Br,</P> <P>Thor-Egil</P> Fri, 11 Nov 2016 12:06:43 GMT https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/2978293#M148640 cisco 2016-11-11T12:06:43Z https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/3679968#M148641 <P>Thanks so much. This was the solution I needed for fix a Site-Site Hyper-V replication problem.</P> Thu, 02 Aug 2018 12:53:10 GMT https://community.cisco.com/t5/network-security/firepower-intrusion-detection-how-to-disable-whitelist-rule-for/m-p/3679968#M148641 zirbesma 2018-08-02T12:53:10Z