Chapter 3 IPS Filtering

Configure Filter Limits/Exceptions based on IP Address

Limits and exceptions allow you to configure the device so that the filters in a Security Profile can be applied differently based on IP address. For example, you can specify a limit setting so that filters only apply to specified source and destination IP addresses or address ranges. You can configure the following limits and exceptions from the LSM:

Filter Exceptions (specific): Allow traffic that would normally trigger a filter to pass between specific addresses or address ranges without triggering the filter. Configured from the Filter Edit page, these exceptions apply only to the filter on which they are configured.

Limit Filter to IP Addresses (global): Only apply filters to traffic between specified source and destination IP address pairs. You can configure IP address limits that apply to all the following filter types: Application Protection, Traffic Normalization, and Network Equipment Protection filters. You can configure separate limits that apply only to Performance Protection filters.

Exceptions (global): Exclude traffic between specified source and destination IP address pairs. You can configure exceptions for the following filter types: Application Protection, Traffic Normalization, Network Equipment Protection, and Performance Protection filters. These exceptions are global for all specified filters.

If a filter has both global and filter-level exception settings, the Threat Suppression Engine uses the filter-level settings to determine how to apply the filter.

The following sections describe the procedures to configure and delete global limits and exceptions from the Security Profile page.

“Configure Global IP address Limits and Exceptions” on page 34

“Delete a Global Limit/Exception Setting” on page 35

Configure filter-level exceptions: “Edit Individual Filter Settings” on page 32

Configure Global IP address Limits and Exceptions

STEP 1: From the LSM menu, click IPS. Then, edit the Security Profile where you want to modify limit/exception settings.

STEP 2: On the Edit Security Profile page in the Advanced Options section, scroll down to the Limits/Exceptions table.

Click Show Advanced Options if the Advanced Options table is not displayed.

STEP 3: In the Limits/Exceptions section, specify the Application Protection Filter Exclusives (limits) for Application Protection, Traffic Normalization, and Network Protection filters:

STEP A: Enter the Source Address.

Source and Destination IP Addresses can be entered in CIDR format, as “any” or as *.

STEP B: Enter the Destination Address.

STEP C: Click add to table below.

STEP D: Repeat this process for each IP address exception required.
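Before entering address pairs in the table, it helps to check which traffic a planned set of limits and exceptions would leave uninspected. The sketch below is an added example, not code from the LSM or the device; it models the behaviour described in this section under these assumptions: IPv4 only, pairs match in the direction entered, and a filter-level exception list replaces the global one for that filter. All function names and sample tables are hypothetical.

```python
import ipaddress

def parse_addr(text):
    """Parse one table entry: CIDR, "any" or "*" (the formats this section lists)."""
    text = text.strip()
    if text.lower() == "any" or text == "*":
        return ipaddress.ip_network("0.0.0.0/0")
    # This sketch rejects entries with host bits set (e.g. 10.1.1.5/24),
    # which usually indicate a typo in the planned range.
    return ipaddress.ip_network(text, strict=True)

def pair_matches(pairs, src, dst):
    """True if src -> dst falls inside any (source, destination) pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in parse_addr(a) and d in parse_addr(b) for a, b in pairs)

def filter_applies(src, dst, limits=(), global_exc=(), filter_exc=None):
    """Return True if the filter is evaluated for traffic src -> dst."""
    # Limit: when limits exist, only the listed pairs are filtered at all.
    if limits and not pair_matches(limits, src, dst):
        return False
    # Precedence stated in this section: filter-level settings win over global.
    exceptions = filter_exc if filter_exc is not None else global_exc
    return not pair_matches(exceptions, src, dst)

def too_broad(pairs):
    """Return exception pairs where both sides are any/*: they exempt all traffic."""
    return [p for p in pairs if all(parse_addr(x).prefixlen == 0 for x in p)]

# Constructed sample tables using documentation address ranges.
LIMITS = [("any", "192.0.2.0/24")]
GLOBAL_EXC = [("198.51.100.10/32", "192.0.2.0/24")]
FILTER_EXC = [("203.0.113.0/24", "*")]

if __name__ == "__main__":
    flow = ("198.51.100.10", "192.0.2.5")
    print("global only :", filter_applies(*flow, LIMITS, GLOBAL_EXC))
    print("filter-level:", filter_applies(*flow, LIMITS, GLOBAL_EXC, FILTER_EXC))
    print("too broad   :", too_broad([("any", "*"), ("any", "192.0.2.0/24")]))
```

The second result shows the consequence of the precedence rule in this model: a host exempted globally is inspected again by a filter that carries its own exception list.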

34 X Family LSM User’s Guide V 2.5.1