Cisco Support Community

IPS-SSM 6.x Event Variables

This stems from the desire not to fire off an alert for the Generic SQL HTTP Injection rule if the 'victim' is not an internal IP address, so if I'm barking up the wrong tree, feel free to redirect me.

I plan on using an Event filter such that the IPS does not alert for the above-mentioned rule when the victim is a webserver outside my LAN. Reading posts over 2 years old here, the 'best' way was to do like 0.0.0.0-9.255.255.255,11.0.0.0-255.255.255.255 assuming I used all the 10.x space. I have many non-contiguous ranges so this is shaping up to suck.

Is this still the case, or has Cisco come up with a system variable that represents outside IPs? Can I create the inside range and make outside not equal to inside, etc? The documentation seems to be lacking in this area, any help would be appreciated. Thanks!
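
The complement-range approach described in the post, worked through for several non-contiguous internal ranges, as an added example that is not part of the original post. The function name `complement_ranges` and the sample ranges are hypothetical; the output uses the comma-separated `start-end` form quoted in the post.

```python
import ipaddress

MAX_IPV4 = 0xFFFFFFFF


def complement_ranges(internal):
    """Return the IPv4 space NOT covered by `internal` as 'start-end,...'.

    `internal` holds CIDR blocks ("10.0.0.0/8"), single addresses, or
    explicit ranges ("192.168.10.0-192.168.20.255"); overlaps are allowed.
    """
    # Normalise every entry to an inclusive (first, last) integer pair.
    spans = []
    for item in internal:
        if "-" in item:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in item.split("-"))
        else:
            net = ipaddress.IPv4Network(item, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        if lo > hi:
            raise ValueError(f"range start is above range end: {item}")
        spans.append((lo, hi))

    # Walk the sorted spans and emit every gap left between them.
    gaps, cursor = [], 0
    for lo, hi in sorted(spans):
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= MAX_IPV4:
        gaps.append((cursor, MAX_IPV4))

    return ",".join(
        f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in gaps
    )


if __name__ == "__main__":
    # Constructed sample: three non-contiguous internal ranges.
    inside = ["10.0.0.0/8", "172.16.0.0/12", "192.168.10.0-192.168.20.255"]
    print(complement_ranges(inside))
```

Keeping the internal ranges in one list and regenerating the outside string whenever they change avoids hand-editing the boundaries, which is where off-by-one gaps in a filter tend to appear.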
