How can I configure an IPS exclusion list?

Description

This article explains how to configure an exclusion list for the Intrusion Prevention Service (IPS) on the firewall.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that differ from SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.

  1. Click Policy and navigate to the Security Services | Intrusion Prevention page.
  2. Navigate to the IPS global settings panel.
  3. Select Enable IPS.
  4. Click the Configure button. The IPS exclusion list dialog appears.
  5. Select Enable IPS Exclusion List.
  6. Select either the Use Address Object option or the Use Address Range option.
  7. If you selected the Use Address Object option, select the address object you want to exclude from the menu.
  8. If you selected the Use Address Range option, click Add. The add IPS range entry dialog appears.
  9. Enter the IP address range to exclude in the IP address from and the IP address to boxes.
  10. Click OK.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.

  1. Click MANAGE and navigate to the Security Services | Intrusion Prevention page.
  2. Navigate to the IPS global settings panel.
  3. Select Enable IPS.
  4. Click the Configure IPS Settings button. The IPS exclusion list dialog appears.
  5. Select Enable IPS Exclusion List.
  6. Select either the Use Address Object option or the Use Address Range option.
  7. If you selected the Use Address Object option, select the address object you want to exclude from the menu.
  8. If you selected the Use Address Range option, click Add. The add IPS range entry dialog appears.
  9. Enter the IP address range to exclude in the IP address from and the IP address to boxes.
  10. Click OK.

    NOTE: Only whole IP addresses can be excluded from scanning, not specific services (specific port numbers). However, specific signatures can be disabled to stop the firewall from scanning traffic against them.


Resolution for SonicOS 6.2 and Below

The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.

  1. Navigate to the Security Services | Intrusion Prevention page.
  2. Navigate to the IPS global settings panel.
  3. Select Enable IPS.
  4. Click the Configure IPS Settings button. The IPS exclusion list dialog appears.
  5. Select Enable IPS Exclusion List.
  6. Select either the Use Address Object option or the Use Address Range option.
  7. If you selected the Use Address Object option, select the address object you want to exclude from the menu.
  8. If you selected the Use Address Range option, click Add. The add IPS range entry dialog appears.
  9. Enter the IP address range to exclude in the IP address from and the IP address to boxes.
  10. Click OK.

    NOTE: Only whole IP addresses can be excluded from scanning, not specific services (specific port numbers). However, specific signatures can be disabled to stop the firewall from scanning traffic against them.
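
An added example, not part of the SonicWall article: a Python check to run over planned Use Address Range entries before typing them into the from/to boxes in step 9. Because an excluded address is exempt from IPS scanning on every port, it flags wide, inverted, or overlapping ranges; the 16-address threshold, function names, and sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed review threshold (not a SonicOS setting): ranges larger than this get flagged.
MAX_HOSTS = 16

# Constructed sample entries in the dialog's "from" / "to" form (IPv4 assumed).
ENTRIES = [
    ("10.0.5.10", "10.0.5.12"),
    ("10.0.5.12", "10.0.5.20"),
    ("192.168.0.0", "192.168.255.255"),
]

def review_range(ip_from, ip_to, max_hosts=MAX_HOSTS):
    """Validate one from/to entry; return (address_count, cidr_blocks, findings)."""
    start, end = ipaddress.ip_address(ip_from), ipaddress.ip_address(ip_to)
    if start.version != end.version:
        raise ValueError(f"{ip_from} and {ip_to} are different address families")
    if start > end:
        raise ValueError(f"inverted range: {ip_from} is above {ip_to}")
    count = int(end) - int(start) + 1
    # Express the range as CIDR blocks so its real size is obvious to a reviewer.
    cidrs = [str(net) for net in ipaddress.summarize_address_range(start, end)]
    findings = []
    if count > max_hosts:
        findings.append(f"broad: {count} addresses would skip IPS on all ports")
    return count, cidrs, findings

def find_overlaps(entries):
    """Return (index, index) pairs of entries whose ranges intersect."""
    spans = sorted(
        (int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b)), i)
        for i, (a, b) in enumerate(entries)
    )
    pairs, widest = [], None  # widest = (end, index) of the furthest-reaching range so far
    for start, end, idx in spans:
        if widest is not None and start <= widest[0]:
            pairs.append((widest[1], idx))
        if widest is None or end > widest[0]:
            widest = (end, idx)
    return pairs

if __name__ == "__main__":
    for i, (a, b) in enumerate(ENTRIES):
        count, cidrs, findings = review_range(a, b)
        print(i, f"{a}-{b}", count, cidrs, findings or "ok")
    print("overlapping entries:", find_overlaps(ENTRIES))
```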
