Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
charlie
Participant

IPS Add ip under Prevent

Hello,

I have the fw under IPS protection.

My customer request to modify the action for a single ip.
For all signature put this source ip under Prevent Action so override the action defined under the IPS general rule.
So I created an Exception with source "host ip" Protection/site/File/blade "n-A" service "Any" Action "prevent". It's correct?


Regards,

Christian

 

0 Kudos
1 Reply
Timothy_Hall
Champion
Champion

By putting a Prevent in the Action field of a TP Exception as in your sample rule, the effect will be that any matched protections set for Prevent will still Prevent, and also any protections matched that are set for Detect will also now Prevent.  This exception will not apply to protections that are themselves set to "Inactive", as all an exception does is potentially change the final verdict it does not control which actual protections are enforced. 

Watch My 2023 CPX360 Speech Titled "Max Power
Reloaded: R81+ Gateway Performance Innovations"
0 Kudos