07-03-2019 07:47 AM
Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP addr from the IPS module.
Does anyone have any suggestions on how to do this? Had thought of possibly excluding those addresses from the policy map and/or class map but not sure which one or how to do that.
TIA
07-04-2019 07:52 AM
If your IPS class map currently uses a "match any" then just change it to "match access-list <acl name>".
Make the ACL simple - first deny the pen testing address(es) then permit all.
07-03-2019 10:37 PM
07-04-2019 01:36 AM
07-05-2019 07:01 AM
07-05-2019 07:51 AM
Correct. The Pen testing address(es) never get evaluated by the IPS module if you do that.
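The change described in the accepted answer, written out as ASA configuration. This is an added example, not a configuration posted by anyone in the thread: the ACL name, the class-map name, the tester address 198.51.100.10 (documentation range) and the `ips inline fail-open` action are assumptions to replace with the values from your own running config.

```cisco
! --- Before (assumed existing config): every flow is sent to the IPS module
! class-map IPS-CLASS
!  match any
! policy-map global_policy
!  class IPS-CLASS
!   ips inline fail-open

! --- After: the ACL decides which flows the class map hands to the IPS
! "deny" here means "do not match the class", so the traffic bypasses the
! IPS module; it is still subject to the normal interface ACLs.
access-list IPS-TRAFFIC remark Pen test source excluded from IPS for the test window
access-list IPS-TRAFFIC extended deny ip host 198.51.100.10 any
access-list IPS-TRAFFIC extended deny ip any host 198.51.100.10
access-list IPS-TRAFFIC remark Everything else is still inspected
access-list IPS-TRAFFIC extended permit ip any any
!
class-map IPS-CLASS
 ! A class map holds a single match statement, so remove the old one first
 no match any
 match access-list IPS-TRAFFIC
!
! The policy map and its IPS action stay as they were
policy-map global_policy
 class IPS-CLASS
  ips inline fail-open
!
! --- Verification (exec mode, not configuration)
! show access-list IPS-TRAFFIC     <- deny lines should gain hits during the test
! show service-policy              <- IPS class should still show inspected packets
```

Keep the deny entries as narrow as the tester's published source addresses, and remove them when the engagement ends so that address range is inspected again.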