Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4286
Views
0
Helpful
3
Replies

Firepower Intrusion detection: How to disable/whitelist rule for spesific hosts?

Go to solution
cisco
Level 1
Level 1

‎11-11-2016 12:07 AM - edited ‎03-12-2019 01:31 AM

Hi,

I have implemented Firepower Intrusion detection on my ASA 5525-X, and how a question: One of the rules blocks traffic between 2 hosts, but I do not want this traffic to be blocked between these hosts. I want the rule to be active, but how can I prevent the rule to block traffic between these 2 hosts, while blocking traffic for other hosts that are hit by the rule?

Br,

Thor-Egil

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Boris Uskov
Level 4
Level 4

‎11-11-2016 04:01 AM

Hello, this can be achived by implementing Access control rule for those two hosts. Let's assume, you need to disable IPS Policy for traffic between 192.168.1.5 and 172.16.1.5. Inseret the new access rule above the rule with IPS policy configured. Choose the "trust" action for new rule. See the attach.

Alternatively, if you don't want to disable IPS between two hosts completely, you can create a new IPS policy with the signature which blocks traffic between two hosts currently setted to disabled state. After that create the new access rule as in the first example but with action "Allow", and implement a new IPS policy with disabled signature.

View solution in original post

Preview file
92 KB
0 Helpful
3 Replies 3

Go to solution
Boris Uskov
Level 4
Level 4

‎11-11-2016 04:01 AM

Hello, this can be achived by implementing Access control rule for those two hosts. Let's assume, you need to disable IPS Policy for traffic between 192.168.1.5 and 172.16.1.5. Inseret the new access rule above the rule with IPS policy configured. Choose the "trust" action for new rule. See the attach.

Alternatively, if you don't want to disable IPS between two hosts completely, you can create a new IPS policy with the signature which blocks traffic between two hosts currently setted to disabled state. After that create the new access rule as in the first example but with action "Allow", and implement a new IPS policy with disabled signature.

Preview file
92 KB
0 Helpful

Go to solution
cisco
Level 1
Level 1
In response to Boris Uskov

‎11-11-2016 04:06 AM

Thanks, your first solution will work for me.

Br,

Thor-Egil

0 Helpful

Go to solution
zirbesma
Level 1
Level 1
In response to Boris Uskov

‎08-02-2018 05:53 AM

Thanks so much. This was the solution I needed for fix a Site-Site Hyper-V replication problem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card