I am trying to define a custom ATOMIC.TCP signature which should trigger an alarm every time a TCP SYN packet is detected with an external IP address and a destination in our internal private address space.
Because we are using some subnets with the same RFC1918 addresses for DMZ host communication to our internal network, I am trying to use the address mapping feature to prevent triggering on TCP sessions initiated from our internal networks to our DMZ hosts or in the other direction.
The first line excludes any of those source addresses from firing the alarm no matter what the destination is. So if they are going to an external box, your 10 network, or other internals, it won't fire.
The second line keeps the alarm from firing if the 10 network is the destination. It won't fire if the source is inside, outside, or in the 10 network.
So the alarm will still fire if external boxes try to connect to 1/5,8/7,11/8,13/8,16/4,32/3,128/1 or other unlisted addresses.
You misunderstood my intention. The alarm should be triggered every time a TCP SYN packet passes the monitoring network with a source of outside (Internet) addresses and a destination of our internal network.
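The two behaviours discussed in this thread, side by side, as an added example that is not part of any post and is not sensor configuration: the exclusions as the reply describes them against the match the original poster asks for. The DMZ subnet, the contents of the excluded-source list and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumptions, not taken from the thread).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
DMZ = [ipaddress.ip_network("192.168.50.0/24")]  # RFC1918 subnet used by DMZ hosts
EXCLUDED_SOURCES = INTERNAL + DMZ  # assumed content of the reply's "first line"


def in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def fires_as_described(src, dst):
    """Two independent exclusions, as the reply describes them."""
    if in_any(src, EXCLUDED_SOURCES):   # line 1: excluded source, any destination
        return False
    if in_any(dst, INTERNAL):           # line 2: 10 network as destination, any source
        return False
    return True


def fires_as_intended(src, dst):
    """Outside source AND internal destination, as the original poster asks."""
    outside = not in_any(src, EXCLUDED_SOURCES)
    return outside and in_any(dst, INTERNAL)


# Constructed TCP SYN samples: (label, source, destination).
SAMPLES = [
    ("outside -> internal", "203.0.113.7", "10.1.2.3"),
    ("DMZ -> internal", "192.168.50.10", "10.1.2.3"),
    ("internal -> DMZ", "10.1.2.3", "192.168.50.10"),
    ("outside -> outside", "203.0.113.7", "198.51.100.9"),
]


def compare(samples=SAMPLES):
    return [(label, fires_as_described(s, d), fires_as_intended(s, d))
            for label, s, d in samples]


if __name__ == "__main__":
    for label, described, intended in compare():
        print(f"{label:20} described={described!s:5} intended={intended!s:5}")
```

The two functions agree on the DMZ and internal traffic and disagree on both outside-sourced samples, which is the mismatch the last post points out.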