
Configuring Internal Networks in IPS Manager

lcuchisanmillan
Level 1

How can I define the internal networks for IDS 5.X?

Thank you

3 Replies

jwalker
Level 3

This is quite easy to do using IDM... Follow the steps below.

1) https to your sensor and log in with your admin account

2) Go to Configuration --> Event Action Rules --> Event Variables

3) Add an IN variable and define all of your internal IP ranges

4) Add an OUT variable that includes everything else (kind of a pain)

If this helps, please rate.

Thanks.

You aren't kidding on the $OUT part.

So, if you have a 10.x class A

$IN=10.0.0.0-10.255.255.255

Then,

$OUT=0.0.0.0-9.255.255.255,11.0.0.0-255.255.255.255

This can be a real pain if you have many dozens of non-contiguous ranges. I believe Cisco has a utility available (now) to calculate the inverse of $IN (probably because of our complaining about it). I personally prefer the old way of $OUT != $IN.

Actually, I think with the latest sensor OS you can just use an internal variable and it will figure out the OUT variable for you... Hope it helped.

Please rate if it did.

Thanks.

Jay
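The $IN to $OUT inversion discussed in the replies above can be scripted when there are many non-contiguous ranges. The following is an added example, not part of the original thread and not the Cisco utility mentioned there; the function names are hypothetical, and it assumes the comma-separated `start-end` range format shown in the thread.

```python
import ipaddress

MAX_IPV4 = 2**32 - 1  # integer value of 255.255.255.255

def parse_ranges(spec):
    """Parse 'a.b.c.d-e.f.g.h,...' into a list of (start, end) integer pairs."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        start = int(ipaddress.IPv4Address(lo.strip()))
        # A bare address with no '-' is treated as a one-host range.
        end = int(ipaddress.IPv4Address(hi.strip())) if sep else start
        if start > end:
            raise ValueError(f"range start is above range end: {part}")
        ranges.append((start, end))
    return ranges

def merge_ranges(ranges):
    """Sort ranges and merge any that overlap or sit directly next to each other."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def invert_ranges(spec):
    """Return every IPv4 address NOT covered by spec, in the same range format."""
    gaps = []
    cursor = 0  # lowest address not yet accounted for
    for start, end in merge_ranges(parse_ranges(spec)):
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = end + 1
    if cursor <= MAX_IPV4:
        gaps.append((cursor, MAX_IPV4))
    return ",".join(
        f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in gaps
    )

if __name__ == "__main__":
    # Constructed sample: the 10.x range from the thread plus two other private ranges.
    sample_in = ("192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,"
                 "172.16.0.0-172.31.255.255")
    print("$OUT=" + invert_ranges(sample_in))
```

Overlapping or adjacent $IN entries are merged before inversion, so the resulting $OUT never contains an address that is also in $IN.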
