Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
1
Replies

Threat Response Setup

dbarry
Level 1
Level 1

‎06-02-2003 06:24 AM - edited ‎03-09-2019 03:30 AM

When Defining Protected Hosts, in the IP Address field, should you enter the external and internal addresses? For example, we have a SMTPserver with an external address of 209.99.88.18, and an internal address of 10.10.1.15... Our Threat Response Server in on the internal network. It would seem the external address is needed, as that's what the external IDS sensor sensor reports.

By the way, this seems like the most excellent tool for ridding us of all the IDS "fluff" that occurs!

Labels:
0 Helpful
1 Reply 1

ovanjara
Cisco Employee
Cisco Employee

‎06-04-2003 11:11 PM

Hi,

Currently CTR will only use the IP address reported by the Sensor. So in this case, yes, Public IP would be entered in the protected networks.

Thanks,

Obaid.

0 Helpful
Customers Also Viewed These Support Documents