Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IPS White List

Running 6.0(5)e3 on IPS 4235. We have monthly scans or our network. I need to setup those the IP's so that they are not subject to the rules by the IPS.

Thanks.

1 REPLY
Community Member

Re: IPS White List

Yes, you can do this using event action rules/filters. Create a filter, which would exclude “deny” or “block” action from the VA scanner IP to any IP (or a subnet), which is applicable for signatures 900-65355 (default) . It is pretty easy to do once you are in the event action filter screen.

Assuming that you still want to fire events for the scanner events, but want to avoid blocking it. Incase you wouldn't need alerts either, have those actions too selected to have subtracted from a fired event.

http://www.cisco.com/en/US/docs/security/ips/6.2/configuration/guide/cli/cli_event_action_rules.html

431
Views
0
Helpful
1
Replies
CreatePlease to create content