Configuring response filters

Use Response Filters on your Network IPS appliance to control response numbers, to control PAM parameters, and to control how the appliance responds to events triggered by PAM parameters.

About this task

With trusted hosts or hosts that you want the appliance to ignore for any reason, use a response filter set to the Ignore response.

Response Filters have the following configurable attributes:
  • Interfaces (adapters)
  • Virtual LAN (VLAN)
  • Source or target IP addresses
  • Source or target port numbers (all ports or a port associated with a particular service) or ICMP type/code (the appliance uses one or the other)
Notes:
  • When the appliance detects traffic that matches a response filter, the appliance issues the responses specified in the filter. Otherwise, the appliance issues the security event as specified in the event itself.
  • If a security event is disabled, its corresponding response filters are also disabled.
  • The response filters follow rule ordering. Example: if you add more than one filter for the same security event, the appliance issues the responses for the first match. The appliance reads the list of filters from top to bottom.