Configuring response filters

Response filters control response numbers, PAM parameters, and how the Network IPS appliance responds to events that are triggered by PAM parameters.

About this task

With trusted hosts or hosts that you want the appliance to ignore, use a response filter set to the Ignore response.

Response filters use the following configurable attributes:
  • Interfaces (adapters)
  • Virtual LAN (VLAN)
  • Source or target IP addresses
  • Source or target port numbers (all ports or a port associated with a particular service) or ICMP type/code (the appliance uses one or the other)
Notes:
  • When the appliance detects traffic that matches a response filter, the appliance issues the responses specified in the filter. Otherwise, the appliance issues the security event as specified in the event itself.
  • If a security event is disabled, its corresponding response filters are also disabled.
  • The response filters follow rule ordering.
    Example: If you add more than one filter for the same security event, the appliance issues the responses for the first match. The appliance reads the list of filters from top to bottom.