Configuring IP addresses and ports for response filters

Use the IP Address and Port area on the Response Filters tab to filter events that occur on source and target IP addresses or ports.

About this task

Navigating in the IPS Local Management Interface: Secure Protection Settings > Response Tuning > Response Filters

Navigating in SiteProtector™ Management: select the Response Filters policy

Procedure

  1. Click the Add icon.
  2. Click either IPv4 or IPv6 in the IP Version area, depending on your network.
  3. Configure the following options:
    Option Description
    Source Address(es) Specifies the following options:
    • Any: Filters all IP addresses.
    • Exclude: Does not filter a specific address or a range of addresses.
    Note: Do not use 0.0.0.0-255.255.255.255 as the Site range. If you do, IP addresses are indiscriminately added to your ungrouped assets folder, such as IP addresses from websites.
    Target Address(es) Specifies the following options:
    • Any: Filters all IP addresses.
    • Exclude: Does not filter a specific address or a range of addresses.
    Note: Do not use 0.0.0.0-255.255.255.255 as the site range. If you do, IP addresses are indiscriminately added to your ungrouped assets folder, such as IP addresses from websites.
    Source Port(s) Specifies the following options:
    • Any: Filters all ports.
    • Exclude: Does not filter a specific port or a range of ports.
    Note: The appliance accepts comma-separated lists of ports and port ranges.
    Target Port(s) Specifies the following options:
    • Any: Filters all ports.
    • Exclude: Does not filter a specific port or a range of ports.
    Note: The appliance accepts comma-separated lists of ports and port ranges.

What to do next

On the Add Response Filters window, you can specify general settings and enable responses.