Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Adding a host IP under trusted host in IDSM

Could anyone let me know what is the use / impact of adding one host IP in IDSM under - configuration- trusted host? I am trying to add a host IP which is generating legitmate traffic(to exculde this IP from reporting), however, I would like to get more information that what exatctly will happen if I add this

Thank you,

Sankar

Everyone's tags (3)
10 REPLIES
Community Member

Adding a host IP under trusted host in IDSM

Also, It says the below error when adding, please help on this

Bronze

Adding a host IP under trusted host in IDSM

Well, IPS tries to connect on port 443 by defaut on the target IP address. If it is closed, you'll receive this error.

Alternatively, you can specify the port number in the command.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
Community Member

Adding a host IP under trusted host in IDSM

This isnt the IPS device, its IDSM. also , I am trying to add a trusted host.

Bronze

Adding a host IP under trusted host in IDSM

Right. The trusted-host should have port 443 open.

Once a trusted-host is added, then for future communication the stored key would be used.

Please have a look at the following link:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliTasks.html#wp1056053

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
Community Member

Adding a host IP under trusted host in IDSM

Can you please explain me about my initial query

Bronze

Adding a host IP under trusted host in IDSM

Adding a host as trusted-host does not mean that the traffic from that host won't be analyzed.

If you trust the traffic from a source IP, do you see any false alerts being generated ?

Thanks & Regards, Sawan Gupta
Community Member

Adding a host IP under trusted host in IDSM

the traffic is not a false positive. I want to add the source/destination to the exclusion list so that I should not get this alrert from next time.My requirement it tell the IDSM to trust the traffic and do not declare it as malacious

Bronze

Adding a host IP under trusted host in IDSM

Could you please tell us more about the network topology.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
Community Member

Adding a host IP under trusted host in IDSM

The network topology is very simple, we have server forms connected via an IDSM which is acting as NIDS. it is detecting the malacious traffic on singnature based. I got a alert that one of the server is receving the SQL injection attack from an internet IP and I checked with the server owner and he confirmed that the traffic from the internet  IP is legitimate. so I want to exclude this IP from the NIDS so that I will not get this alert from next time.

Community Member

Adding a host IP under trusted host in IDSM

Hi,

This case please disable the signature which is givinge alert.or tune the signature for ur server.

Regards

Rajeswar

1374
Views
0
Helpful
10
Replies
CreatePlease to create content