https://community.cisco.com/t5/network-security/need-help-whitelisting-vm-scanning/m-p/2915321#M43827 <P>Yes. On your Access Control Policy, create a rule to "Trust" that traffic Source and/or destination.&nbsp; Make sure you enable logging so that can search or validate has been Trust (do not inspect).</P> Thu, 30 Jun 2016 20:29:15 GMT Ed Padilla Jr 2016-06-30T20:29:15Z https://community.cisco.com/t5/network-security/need-help-whitelisting-vm-scanning/m-p/2915320#M43826 <P>I have internal Qualys vulnerability scans which target systems inside my web DMZ.&nbsp; Once my AMP 8150 IPS devices see the traffic it appears to be coming from a&nbsp;x-forwarded IP&nbsp;address on&nbsp;our load balancers.&nbsp; Two things I can see when I analyze the packets on the IPS are:</P> <P></P> <P>1. You can see the 'X-Forwarded-For' IP address is in fact the IP address of the Qualys scanner.&nbsp;</P> <P>2. We append the text into the packets: 'Qualys-Scan: VM'</P> <P></P> <P>What are my options for not generating intrusion events for this traffic?&nbsp; My hope was to look at the 'X-Forwarded-For' address and whitelist based on that, but it seems like that may not be possible on the Sourcefire platform(?).&nbsp; Any ideas?&nbsp;</P> <P></P> <P>Thanks in advance</P> Sun, 10 Mar 2019 13:38:11 GMT https://community.cisco.com/t5/network-security/need-help-whitelisting-vm-scanning/m-p/2915320#M43826 kyle.brearley 2019-03-10T13:38:11Z https://community.cisco.com/t5/network-security/need-help-whitelisting-vm-scanning/m-p/2915321#M43827 <P>Yes. On your Access Control Policy, create a rule to "Trust" that traffic Source and/or destination.&nbsp; Make sure you enable logging so that can search or validate has been Trust (do not inspect).</P> Thu, 30 Jun 2016 20:29:15 GMT https://community.cisco.com/t5/network-security/need-help-whitelisting-vm-scanning/m-p/2915321#M43827 Ed Padilla Jr 2016-06-30T20:29:15Z