06-03-2017 02:45 AM - edited 03-10-2019 06:51 AM
We have deployed sourcefire 7125 with defence center 1500 recently.
We get alot of alert through email about 10.1.1.10 with port 445, 10.1.1.10 is our share file server so that is normal to open that port in the server.
How could we classify that 10.0.0.0/8 is allowed connect to 10.1.1.10:445 and wont get email alert any more.
Thank you!
Solved! Go to Solution.
06-03-2017 08:49 AM
Create a new rule in your Access Control Policy with those addresses in it and action "Trust". Make sure it is above any more general rules. Save and deploy.
06-03-2017 08:49 AM
Create a new rule in your Access Control Policy with those addresses in it and action "Trust". Make sure it is above any more general rules. Save and deploy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide