cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2006
Views
0
Helpful
5
Replies

Why use whitelist ip add in IPS?

erb4h1m01
Beginner
Beginner

Hi everybody

I want know why create whitelist ip add in IPS? And if IP of the packet belong to whitelist ip addr that content check in IPS section?or traffic send to IPS?
 

5 Replies 5

Ji-Won Park
Beginner
Beginner

You can whitelist some subnets to avoid inspection.

g1
 

I dont know your answer Ji won. why use whitelist ip addr?

pazzi
Cisco Employee
Cisco Employee

Hi, here is the correct answer.

Whitelists/Blacklists are processed before Access Control Policy rules.

Connections are refused (inbound/outbound) from IP addresses that are Blacklisted.

Connections are accepted from Whitelisted IP addresses. Whitelisted IP addresses take priority over Blacklisted IP addresses.

 

HTH

Paul

Is there a way for Whitelisted IP addresses to not be inspected? It seems like the only reason to have a whitelist is to override the blacklist. Please correct me if I am wrong

Hi

 

When you white list a IP. It means its whitelisted from Security intelligence but it can still be inspected by Intrusion policy. The other way is to create another intrusion policy with signature you need disabled and apply that for that network/IP

If you just need to bypass 1 IP completely, just create a trust rule on top with that IP.

 

Hope that helps,

yogesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: