08-04-2011 01:18 PM - edited 03-10-2019 05:26 AM
Hi guys!!
I need your help to know if it's possible to configure an excepcion for a specific host or ip address in an IPS 4260, I can do this in an AIP-SSM configuring an access-list, but I think it's different on an appliance.
Regards
Solved! Go to Solution.
08-04-2011 01:33 PM
Hi Luis,
An exception on IPS is called an event action filter, I was looking for a config example but instead I found this nice youtube video:
http://www.youtube.com/watch?v=Ho945eUSwbo
If you have a host that is firing a lot of false positives just select it as "attacker" and leave the signature range blank if you dont want to see any signature at all coming from this guy.
I hope this helps.
Raga
08-04-2011 01:33 PM
Hi Luis,
An exception on IPS is called an event action filter, I was looking for a config example but instead I found this nice youtube video:
http://www.youtube.com/watch?v=Ho945eUSwbo
If you have a host that is firing a lot of false positives just select it as "attacker" and leave the signature range blank if you dont want to see any signature at all coming from this guy.
I hope this helps.
Raga
08-04-2011 01:36 PM
Thinking about it, I dont think blank works. You can enter a single signature ID, a comma-separated list, or a range of IDs. The default is to apply the rule to signatures in the range 900-65535.
08-04-2011 01:36 PM
Luis is correct, you want to configure an Event Action Filter for your host IP.
Here's the documentation page for 7.0 CLI:
- Bob
08-04-2011 02:29 PM
Thanks Luis
This was really helpful!!!
Thanks
08-04-2011 03:02 PM
Awesome, Glad I could help
Have a good one!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: