Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Threat Response Setup

When Defining Protected Hosts, in the IP Address field, should you enter the external and internal addresses? For example, we have a SMTPserver with an external address of 209.99.88.18, and an internal address of 10.10.1.15... Our Threat Response Server in on the internal network. It would seem the external address is needed, as that's what the external IDS sensor sensor reports.

By the way, this seems like the most excellent tool for ridding us of all the IDS "fluff" that occurs!

1 REPLY
Cisco Employee

Re: Threat Response Setup

Hi,

Currently CTR will only use the IP address reported by the Sensor. So in this case, yes, Public IP would be entered in the protected networks.

Thanks,

Obaid.

86
Views
0
Helpful
1
Replies
CreatePlease to create content