cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1015
Views
3
Helpful
4
Replies

Whitelist Features | Cisco NGFW

hanguye3
Cisco Employee
Cisco Employee

Hi team,

Kindly help to advise us on the situation below: if I add a pc with multiple application vulns into the whitelist, can the Dashboard detect and alert the admin when this PC come through the GW?

Thanks in advance.

Br,

hainm

4 Replies 4

miculp
Cisco Employee
Cisco Employee

If you're speaking of the "global whitelist" or when you right-click on an IP in a connection event, and choose whitelist (adds to global whitelist), then this will not effect detection of this host. This whitelist only pertains to Security Intelligence. For example you have a vendor or partner's public IP end up in an SI category, you can "whitelist" that IP to keep business running. That said, you should be suspect of whitelisting anything that has ended up in a Talos SI list.

Hi bro,

So u mean the whitelist host will not show up on the dashboard even it got vuls?

Best regards,

.:|:.:|:. Hai Nguyen

Systems Engineer | Cisco Systems Vietnam

Desk: +84 24 3974 6248 | Mobile: +84 904 373 746 | hanguye3@cisco.com<mailto:hanguye3@cisco.com>

No, the global whitelist (assuming that's what y we're all talking about) will only prevent Security Intelligence from blocking a packet to a known bad actor. Network discovery, access control, file and intrusion, etc policies will continue to function as configured.

Many tks bro.

Sent from my Samsung Galaxy smartphone.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: