Configuring IP addresses and ports for response filters

Use the IP Address and Port area of the Response Filters page for the Network IPS appliance to filter events that occur on source and target IP addresses or ports.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Response Tuning > Response Filters

Navigating in the SiteProtector™ system: select the Response Filters policy

Procedure

  1. Click the Add icon.
  2. Click either IPv4 or IPv6 in the IP Version area, depending on your network.
  3. Configure the following options:
    Option Description
    Source Address The appliance accepts comma-separated lists of IP addresses and ranges of IP addresses.

    Any: Filters all IP addresses.

    Exclude: Does not filter a specific IP address or a range of IP addresses.

    Important: Do not use 0.0.0.0-255.255.255.255 as the Site range. If you do, IP addresses are indiscriminately added to your ungrouped assets folder, such as IP addresses from websites.
    Click Import to import a CSV-formatted text file or a TXT file that contains valid IP addresses.
    Note: In the import text file, use a line break to separate each IP address (or range of IP addresses) entry.
    Example:
    192.168.9.10
    
    1.2.3.4 - 3.4.5.6
    
    3.3.3.3, 4.4.4.4, 5.5.5.5
    
    1.1.1.1
    Target Address
    Source Port The appliance accepts comma-separated lists of ports and port ranges.

    Any: Filters all ports.

    Exclude: Does not filter a specific port or a range of ports.

    Target Port

What to do next

On the Add Response Filters window, you can specify general settings and enable responses.