cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1535
Views
0
Helpful
1
Replies

How to whitelist an IP or a host group ?

Coco21
Beginner
Beginner

Hi Team,

 

I need a help,

How to whitelist a host group to avoid alarm, 

 

I am getting alarms in custom security policy for genuine traffic.

To avoid those thing, I have create an host group and add those IPs in that group. After that in custom policy I exclude (except) that host group. 

 

But still I am getting the alarms.

 

Please advice. What to do.

 

1 Reply 1

jamegill
Cisco Employee
Cisco Employee

Hi @Coco21 

It sounds like you are heading in the right direction to group those hosts and apply a Role Policy to squelch those alarms.

When you show the alarm table, look in the Policy column, this will show you which Policy is being triggered to generate the alarms. You will either need to tune the Policy indicated or remove the hosts from the group that policy is applied to.

There are two classes of policies, Default and Role.  Any Role policy supercedes the setting in the Default for the events defined in the policy, but a host with multiple Role Policies is subject to all of them equally.

 

I hope you find that helpful!

--jg

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: