IPS White List

Unanswered Question
Mar 25th, 2009

Running 6.0(5)e3 on IPS 4235. We have monthly scans or our network. I need to setup those the IP's so that they are not subject to the rules by the IPS.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
antonyabraham Thu, 03/26/2009 - 00:14

Yes, you can do this using event action rules/filters. Create a filter, which would exclude “deny” or “block” action from the VA scanner IP to any IP (or a subnet), which is applicable for signatures 900-65355 (default) . It is pretty easy to do once you are in the event action filter screen.

Assuming that you still want to fire events for the scanner events, but want to avoid blocking it. Incase you wouldn't need alerts either, have those actions too selected to have subtracted from a fired event.



This Discussion