Why use whitelist ip add in IPS?

erb4h1m01 · ‎07-05-2015

Hi everybody

I want know why create whitelist ip add in IPS? And if IP of the packet belong to whitelist ip addr that content check in IPS section?or traffic send to IPS?

Ji-Won Park · ‎07-05-2015

You can whitelist some subnets to avoid inspection.

g1

erb4h1m01 · ‎07-05-2015

I dont know your answer Ji won. why use whitelist ip addr?

pazzi · ‎07-05-2015

Hi, here is the correct answer.

Whitelists/Blacklists are processed before Access Control Policy rules.

Connections are refused (inbound/outbound) from IP addresses that are Blacklisted.

Connections are accepted from Whitelisted IP addresses. Whitelisted IP addresses take priority over Blacklisted IP addresses.

HTH

Paul

jar3l · ‎04-05-2018

Is there a way for Whitelisted IP addresses to not be inspected? It seems like the only reason to have a whitelist is to override the blacklist. Please correct me if I am wrong

yogdhanu · ‎04-05-2018

Hi

When you white list a IP. It means its whitelisted from Security intelligence but it can still be inspected by Intrusion policy. The other way is to create another intrusion policy with signature you need disabled and apply that for that network/IP

If you just need to bypass 1 IP completely, just create a trust rule on top with that IP.

Hope that helps,

yogesh