Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
1
Replies

MARS: Tweaking rules on subnets internal to firewall to be less sensitive

baskervi
Level 1
Level 1

‎01-21-2006 08:15 PM - edited ‎03-10-2019 01:51 AM

The MARS alerts are firing as rapidly on the internal networks as they do for external networks. Is there a global command to make the MARS less sensitive to hits from the internal subnets, or does a rule have to be customized? Thanks again.

Labels:
0 Helpful
1 Reply 1

mhellman
Level 7
Level 7

‎01-25-2006 08:26 AM

You could create a MARS drop rule to ignore messages where the src = internal network(s). That is certainly not how I would recommend tuning your environment, but it will cut down on the number of incidents;-) It sounds to me like the devices reporting into MARS could use some tuning.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card