cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15252
Views
50
Helpful
3
Replies

Whitelist and Blacklist at FireSIGHT

Machi Ma
Level 1
Level 1

Hello,

I am checking the Whitelist and Blacklist at FireSIGHT.

Some question still not clear

1) How to edit Global Whitelist and Global Blacklist?  Because I cannot find add IP address during edit them.

2) When edit Access Control under Policies.  Does it means it will auto handle allow/disallow when add IP into Whitelist and Blacklist under Security Intelligence tab?

Others

3) How can I edit individual IP Object?  Because it only support Subnet Object.

Thanks!

3 Replies 3

ankojha
Level 3
Level 3

Hi,

>>You can edit blacklist and whitelist under objects->SI->edit url lists/feeds and once it is created

you can call this under Global blacklist or whitelist in the access control policy.

>>Yes it will handle it automatically

>>You can use /32 for individual ip

rate if it helps.

Thanks,

Ankita

You're solution does not allow for updating the global-whitelist. You can only view and of course Cisco allows you to create a whitelist. It does not explain how to do so.

Global Blacklist and Whitelist are lists that get populated once you Blacklist or Whitelist an IP from any Events(Connection/Intrusion/File) page by right-clicking an IP. These are default lists and cannot be updated by any other means.

 

 

Please remember to rate useful posts, by clicking on the stars below.

Review Cisco Networking for a $25 gift card