Threat Response Setup

Unanswered Question
Jun 2nd, 2003
User Badges:

When Defining Protected Hosts, in the IP Address field, should you enter the external and internal addresses? For example, we have a SMTPserver with an external address of 209.99.88.18, and an internal address of 10.10.1.15... Our Threat Response Server in on the internal network. It would seem the external address is needed, as that's what the external IDS sensor sensor reports.


By the way, this seems like the most excellent tool for ridding us of all the IDS "fluff" that occurs!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ovanjara Wed, 06/04/2003 - 23:11
User Badges:
  • Cisco Employee,

Hi,

Currently CTR will only use the IP address reported by the Sensor. So in this case, yes, Public IP would be entered in the protected networks.


Thanks,


Obaid.

Actions

This Discussion