eggster34

asked on

Bypass IDS for certain IP addresses on PIX515

Hi

I have the basic IDS system on my PIX enabled via the below commands

ip audit name INFOPOLICY info action alarm
ip audit name ATTACKPOLICY attack action alarm drop reset
ip audit interface outside INFOPOLICY
ip audit interface outside ATTACKPOLICY
ip audit interface inside INFOPOLICY
ip audit interface inside ATTACKPOLICY
ip audit interface dmz1 INFOPOLICY
ip audit interface dmz1 ATTACKPOLICY
ip audit interface dmz2 INFOPOLICY
ip audit interface dmz2 ATTACKPOLICY
ip audit interface dmz3 INFOPOLICY
ip audit interface dmz3 ATTACKPOLICY

How can I configure the ip audit system to bypass a list of IP addresses and allow them in?
debuggerau

IDS is related to the interface, not IP address.

I don't know if you can configure a virtual interface and apply a audit policy for that, but if possible, I hope someone can enlighten us both...
eggster34

ASKER

What I meant was: when you apply IDS to the outside interface, how can you define a list of hosts to bypass the scrutiny of the IDS sensor?
You can list hosts that should not be scanned for threat detection, but if you enable basic protection, you will need to disable, remove or change the IDS signatures for the whole unit, not per IP address...

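Since the reply above says the only lever on a PIX is unit-wide, here is what that looks like on the CLI. This is an added illustration, not something posted in the thread: it silences two informational ICMP signatures for the whole unit rather than for particular hosts, using the PIX 6.x `ip audit signature` form. The signature numbers (2000 = ICMP echo reply, 2004 = ICMP echo request) are the ones I recall from the PIX 6.x signature list, and the `no` form as the way to re-enable a signature is likewise from memory; confirm both against `show ip audit signature` on your own box before relying on them.

```cisco
! Added example, not from the original post. Assumes PIX 6.x ip audit syntax.
! 1. List the built-in signatures and confirm the numbers before touching anything.
show ip audit signature

! 2. Disable individual signatures. This is global: it applies on every interface
!    that carries an audit policy, and it cannot be scoped to a source address.
!    (Numbers assumed: 2000 = ICMP echo reply, 2004 = ICMP echo request.)
ip audit signature 2000 disable
ip audit signature 2004 disable

! 3. Watch what is still firing, per interface, and reset the counters after a change.
show ip audit count interface outside
clear ip audit count

! 4. To put a signature back (assumed: the no form removes the disable).
no ip audit signature 2000
```

The trade-off is the one the reply describes: disabling a signature stops it for the trusted hosts you care about, but also for everyone else hitting that interface, so keep the drop/reset actions limited to the ATTACKPOLICY signatures you actually want enforced and leave INFOPOLICY at `alarm` only.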
ASKER CERTIFIED SOLUTION
debuggerau