Configuring IP addresses and ports for quarantine rules

Use the IP Address and Port area of the Quarantine Rules page for the Network IPS appliance to block events that are occurring on source and target IP addresses or ports.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Response Tuning > Quarantine Rules

Note: You cannot apply quarantine rules to all traffic. You must specify a setting for at least one of the following options in order for the appliance to save the quarantine rule:
  • Protocol name
  • VLAN
  • Source address
  • Target address
  • Source port
  • Target port
The quarantine rule is invalid if you set all the previous options to Any.

Procedure

  1. Click the Add icon.
  2. Click either IPv4 or IPv6 in the IP Version area, depending on your network.
  3. Configure the following options:
    Option Description
    Source Address The appliance accepts comma-separated lists of IP addresses and ranges of IP addresses.

    Any: Filters all IP addresses.

    Exclude: Does not filter a specific IP address or a range of IP addresses.

    Important: Do not use 0.0.0.0-255.255.255.255 as the Site range. If you do, IP addresses are indiscriminately added to your ungrouped assets folder, such as IP addresses from websites.
    Click Import to import a CSV-formatted text file or a TXT file that contains valid IP addresses.
    Note: In the import text file, use a line break to separate each IP address (or range of IP addresses) entry.
    Example:
    192.168.9.10
    
    1.2.3.4 - 3.4.5.6
    
    3.3.3.3, 4.4.4.4, 5.5.5.5
    
    1.1.1.1
    Target Address
    Source Port The appliance accepts comma-separated lists of ports and port ranges.

    Any: Filters all ports.

    Exclude: Does not filter a specific port or a range of ports.

    Target Port
  4. Click OK.

What to do next

On the Add Quarantine Rules window, you can specify general settings such as VLAN tags and protocol types.