Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
8
Helpful
2
Replies

Exclude an IP being blocked on a signature

Shibu1978
Level 1
Level 1

‎02-17-2014 01:55 PM - edited ‎03-10-2019 06:09 AM

Dear All,

In our AIP-SSM 20  signature 11020/0 1 /2/3 & 4 are configured to be denied.

Is there any way we can exclude 01 IP from being denied by this signature? 

Any reponse would be appreciated.

Thanks

Labels:
0 Helpful
2 Replies 2

JonPBerbee
Level 1
Level 1

‎02-17-2014 02:28 PM

You will need to create an event action filter "service event-action-rules rules0" section of the CLI or through the GUI you can click on Configuration\Policies\Event Action Rules\rules0, click on the Event Action Filters tab on the right.  Create a filter for the source or destination IP address, specify the signature(s) you want to filter on, and then select the actions to remove, such as create alert or drop packet.

Jon.

dadaramola
Level 1
Level 1
In response to JonPBerbee

‎02-19-2014 10:05 AM

True JonPBerbee,

Here is further readup to corroborate...

http://popravak.wordpress.com/2012/04/30/event-action-filters/

Daniel.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card