I have a server with external and internal IP address. I want to restrict the access to this server. I have 5 IP addresses that should have access to this server. Is there a way I can restrict the access from IPS or this can only be done with access-list on firewall.
You don't say what kind of host this is, but most newer OS's have host-based firewalls that can be used for this purpose.
If your sensor is inline, you could also create an atomic IP signature to block all access to this destination IP. Then create an event action filter that will remove the block action for those 5 source IP address.
Thanks for the reply. We have IPS 4240 and server is for client FTP.
I can create a signature to produce alert when there is any connectivity for the destination server ip address. From what I understand it will produce a alert for any activity for the server ip address. Now I don't see any option in Event Action which tells me to allow the connection because I will have 5 ip addresses in attacker list option, this way it will just allow the connection and if it doesn?t match attackers IP address it should block it.
I'm not exactly sure what you're asking, but here goes a better explaination:
I will assume your running at least version 5.x and that you are actually inline. each signature can have numerous actions. for example, you can "product alert" AND "deny connection inline". If you create just the signature (atomic ip, specify ip addr options->enter dst ip), all connections to that destination IP will be denied right, including the 5 source IP addresses you want to allow?
So the next step is to create an event action filter. for details please read:
an event action filter is used to SUBTRACT an action from an alarm. you want to remove the "deny connection inline" action from the alarm if the source ip is one of those 5. So you create an event action filter for that signature and for those 5 source IP addresses.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :