I am using CSPM 2.3.3i to monitor my IDSM modules version 3.0(3)S10. I set up an advanced filter to block DNS signature (6053) from a single IP address to any. I save the policy and reload the database and the filter does not block the signature.
Have you also approved the new configuration? The filter is in a configuration file that has to be sent to the IDSM.
If you have approved then you can check the packetd.conf file on the IDSM to see if it was written to the IDSM configuration file.
To view packetd.conf:
1) Log in to the IDSM CLI
2) Go into diag mode
3) execute the "report systemstatus" command
You will need to provide login information for an ftp server.
The report command will generate an html based report of config files, error files, etc. for the sensor and then ftp that html file to your ftp server.
Then you can download that html file from the ftp server to your personal desktop and open it with a web browser.
There should be a link in the table of contents for configuration files.
Find the packetd.conf file and look for a line similar to:
RecordOfExcludedPattern 6053 * ipaddress *
If the line is there, and the IDSM is still generating alarms then you may have found a new bug we didn't know about.
You will need to send this report file as well as the output of the "show event current" command from the diag mode which shows the 6053 alarm firing for that signature, to the TAC. They can then forward it to development for them to look at and try to replicate and create a DDTS Issue if necessary.
If the line is not there, then CSPM has not pushed the filter to the IDSM.
Revalidate your changes and push a new configuration.
If it still doesn't appear, then call the TAC. It could be an issue with CSPM itself.
Worst case workaround:
Instead of using the advanced filter window you can manually enter the RecordOfExcludedPattern line into the Epilogue for the IDSM. This will add the line to the end of packetd.conf.
Of course, you will then Save and Update the database and Approve a new config to the IDSM.
Then use "report systemstatus" to verify that the config line made it into packetd.conf.
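The packetd.conf check described in the reply above can be scripted against the saved report. This is an added example, not part of the original thread and not Cisco code; it assumes the field order signature, sub-signature, source, destination (inferred from the line quoted in the reply), exact-or-wildcard address matching, and that report lines are separated by newlines or <br> tags.

```python
import difflib
import html
import re

TOKEN = "RecordOfExcludedPattern"  # token name as it appears in the post

# Constructed sample (documentation addresses), not from a real sensor.
SAMPLE = """\
RecordOfExcludedPattern 6053 * 192.0.2.10 *
RecordOfExcludedPatterm 6053 * 192.0.2.20 *
RecordOfExcludedPattern 2004 * 192.0.2.10 198.51.100.5
"""

def parse_exclusions(text):
    """Return (exclusions, suspects) from packetd.conf text or saved report HTML."""
    # Assumption: in the HTML report, config lines are split by newlines or <br>.
    text = re.sub(r"(?i)<br\s*/?>", "\n", text)
    text = html.unescape(re.sub(r"<[^>]+>", "", text))
    exclusions, suspects = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == TOKEN:
            # Assumed field order: signature, sub-signature, source, destination.
            if len(fields) == 5:
                exclusions.append(tuple(fields[1:]))
            else:
                suspects.append(raw.strip())
        elif difflib.SequenceMatcher(None, fields[0].lower(), TOKEN.lower()).ratio() > 0.9:
            suspects.append(raw.strip())  # near-miss token, e.g. a hand-typed Epilogue line
    return exclusions, suspects

def filter_present(text, sig_id, src, dst="*"):
    """Return (hits, suspects) for a filter on sig_id from src to dst."""
    def covers(pattern, value):
        return pattern == "*" or pattern == value
    exclusions, suspects = parse_exclusions(text)
    hits = [e for e in exclusions
            if covers(e[0], str(sig_id)) and covers(e[2], src) and covers(e[3], dst)]
    return hits, suspects

if __name__ == "__main__":
    hits, suspects = filter_present(SAMPLE, 6053, "192.0.2.10")
    print("matching filter lines:", hits)
    print("lines to re-check by hand:", suspects)
```

An empty hit list with a non-empty suspect list usually means a line typed into the Epilogue has a misspelled token or the wrong number of fields.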