Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MARS - drop rules

I have a MARS20 configured to a IPS4240 placed between internet & LAN, and i want to stop my internal network to stop triggering the incidents and stop producing false positive; based on the assumption that my LAN is secure.

So I have created a drop rule to log to DB, source-192.168.0.0 255.255.0.0, remaining parameters as Any.

The rule is active, but i still get incidents w source from LAN.

am i missing something?

Cash

1 REPLY
Gold

Re: MARS - drop rules

did you click "activate"?

109
Views
0
Helpful
1
Replies