Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MARS: Tweaking rules on subnets internal to firewall to be less sensitive

The MARS alerts are firing as rapidly on the internal networks as they do for external networks. Is there a global command to make the MARS less sensitive to hits from the internal subnets, or does a rule have to be customized? Thanks again.

1 REPLY
Gold

Re: MARS: Tweaking rules on subnets internal to firewall to be l

You could create a MARS drop rule to ignore messages where the src = internal network(s). That is certainly not how I would recommend tuning your environment, but it will cut down on the number of incidents;-) It sounds to me like the devices reporting into MARS could use some tuning.

128
Views
0
Helpful
1
Replies
CreatePlease to create content