Configuring Internal Networks in IPS Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2006 04:52 AM - edited 03-10-2019 03:15 AM
How can i define the internal networks for IDS 5.X?
Thank you
- Labels:
-
IPS and IDS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2006 08:20 AM
This is quite easy to do using IDM... Follow the steps below.
1) https to your sensor and log in with your admin account
2) Go to Configuration --> Event Action Rules --> Event Variables
3) Add and IN variable and define all of your internal IP ranges
4) Add and OUT variable that includes everything else (kind of a pain)
If this helps, please rate.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2006 12:57 PM
You aren't kidding on the $OUT part.
So, if you have a 10.x class A
$IN=10.0.0.0-10.255.255.255
Then,
$OUT=0.0.0.0-9.255.255.255,11.0.0.0-255.255.255.255
This can be a real pain if you have many dozens of non-contiguous ranges. I believe Cisco has a utility available (now) to calculate the inverse of $IN (probably because of our complaining of it). I personally prefer the old way of $OUT != $IN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2006 01:06 PM
Actually, I think with the latest sensor OS you can just use an internal variable and it will figure out the OUT variable for you... Hope it helped.
Please rate if it did.
Thanks.
Jay
