Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Defining IPS filters in CSM

When you are defining filters in CSM, is it possible to use several IPs or ranges of IPs in the "Attackers" and "Victims" tab?

Thank you

3 REPLIES
Cisco Employee

Re: Defining IPS filters in CSM

The sensor itself will accept several single IPs and IP ranges in a comma delimited list in it's event action filters.

For example:

10.10.1.1,10.10.1.3,10.20.1.0-10.20.1.255,10.20.5.0-10.20.5.255

I am fairly sure that CSM would also similarly support this ability for filling in those same fields for the sensor.

Gold

Re: Defining IPS filters in CSM

You can use ranges as Marcabal described above, or you can use variables. If you have IP address ranges that are used across multiple Event Action Filters you can assign them in CSM's "Policy Object Manager" Networks/Hosts (consider this a global variable). If you have the same Event Action Filters on multiple sensors with different IP address ranges, make the above "overwritable" and customize each sensor under CSM's "Device Properties" Networks/Hosts (this would be a similar to a local variable).

New Member

Re: Defining IPS filters in CSM

We want to use several IPs as in the Marcabal's example but in the CSM appears "Invalid value". We have tried with different separators apart from a comma. It has no sense creating a variable for each filter we use.

245
Views
0
Helpful
3
Replies