42-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 42 Configuring Attack Response Controller for Blocking and Rate Limiting
Blocking Page
General Tab, IPS Blocking Policy
Use the General tab of the Blocking policy to configure the basic settings required to enable blocking
and rate limiting.
Firewall tab The ASA, PIX, and FWSM devices to be used as blocking devices. The
table shows the IP address (or network/host object) of the device, the
communication method used to log into it, the NAT address of the
sensor (0.0.0.0 if NAT is not used), and the name of the profile that is
used for logging into the device.
To add a firewall, click the Add Row button and fill in the Add
Firewall Device dialog box (see Router, Firewall, Cat6K Device
Dialog Box, page 42-14).
To edit a firewall, select it and click the Edit Row button.
To delete a firewall, select it and click the Delete Row button.
Catalyst 6K tab The Catalyst 6500/7600 devices that are using Catalyst software to be
used as blocking devices. The table shows the IP address (or
network/host object) of the device, the communication method used to
log into it, the NAT address of the sensor (0.0.0.0 if NAT is not used),
and the name of the profile that is used for logging into the device.
Tip Do not use this tab for Catalyst 6500/7600 devices that run
Cisco IOS Software. Instead, use the Router tab.
To add a Catalyst OS device, click the Add Row button and fill in
the Add Cat6K Device dialog box (see Router, Firewall, Cat6K
Device Dialog Box, page 42-14).
To edit a Catalyst OS device, select it and click the Edit Row
button.
To delete a Catalyst OS device, select it and click the Delete Row
button.
Never Block Hosts and
Networks
The hosts and networks that should never be blocked. Hosts and
networks are shown in separate tables. The tables show the IP address
or network/host object for the host or network. These lists do not affect
rate limiting actions, nor do they apply to Deny actions.
To add a host or network, click the Add Row button beneath the
appropriate table and fill in the Add Never Block Host or Network
dialog box (see Never Block Host or Network Dialog Boxes,
page 42-17).
To edit a host or network, select it and click the Edit Row button.
To delete a host or network, select it and click the Delete Row
button.
Table42-1 IPS Blocking Policy (Continued)
Element Description