10-02-2006 04:52 AM - edited 03-10-2019 03:15 AM
How can I define the internal networks for IDS 5.X?
Thank you
10-02-2006 08:20 AM
This is quite easy to do using IDM... Follow the steps below.
1) https to your sensor and log in with your admin account
2) Go to Configuration --> Event Action Rules --> Event Variables
3) Add an IN variable and define all of your internal IP ranges
4) Add an OUT variable that includes everything else (kind of a pain)
If this helps, please rate.
Thanks.
10-02-2006 12:57 PM
You aren't kidding on the $OUT part.
So, if you have a 10.x class A
$IN=10.0.0.0-10.255.255.255
Then,
$OUT=0.0.0.0-9.255.255.255,11.0.0.0-255.255.255.255
This can be a real pain if you have many dozens of non-contiguous ranges. I believe Cisco has a utility available (now) to calculate the inverse of $IN (probably because of our complaining of it). I personally prefer the old way of $OUT != $IN
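The inverse calculation described in the post above, as an added example that is not part of the original thread and is not the Cisco utility it mentions: it computes $OUT as the complement of $IN over the whole IPv4 space, including unsorted, overlapping and adjacent ranges. The function names are hypothetical, and the comma-separated `start-end` syntax is assumed from the values shown in the post.

```python
import ipaddress

IPV4_MAX = 2**32 - 1  # 255.255.255.255 as an integer


def parse_ranges(spec):
    """Parse 'a.b.c.d-e.f.g.h,...' into a list of (start, end) integer pairs."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        start = int(ipaddress.IPv4Address(lo.strip()))
        # A bare address with no dash is treated as a one-address range.
        end = int(ipaddress.IPv4Address((hi or lo).strip()))
        if start > end:
            raise ValueError(f"range start is above range end: {part}")
        ranges.append((start, end))
    return ranges


def invert_ranges(spec):
    """Return the complement of the given ranges within 0.0.0.0-255.255.255.255."""
    out = []
    next_free = 0  # lowest address not yet covered by an internal range
    for start, end in sorted(parse_ranges(spec)):
        if start > next_free:
            out.append((next_free, start - 1))
        # max() keeps overlapping or nested ranges from moving the cursor back.
        next_free = max(next_free, end + 1)
    if next_free <= IPV4_MAX:
        out.append((next_free, IPV4_MAX))
    return ",".join(
        f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}" for lo, hi in out
    )


if __name__ == "__main__":
    # Constructed sample input: the three RFC 1918 blocks, deliberately unsorted.
    internal = ("192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,"
                "172.16.0.0-172.31.255.255")
    print("$IN  =", internal)
    print("$OUT =", invert_ranges(internal))
```

Review the generated $OUT against the sensor's own variable syntax before pasting it in, since that syntax is assumed here.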
10-02-2006 01:06 PM
Actually, I think with the latest sensor OS you can just use an internal variable and it will figure out the OUT variable for you... Hope it helped.
Please rate if it did.
Thanks.
Jay