When you create a Network IPS exception for Host IPS 8.0, use the parameter name Remote IP Address. This parameter accepts either a single IP address or an IP address range.
Valid value: 10.10.10.1
Valid value: 10.10.10.1-10.10.10.255
Invalid value: 10.10.10.0/8
Invalid value: 10.*.10.1
NOTE: Wildcards and Classless Inter-Domain Routing (CIDR) notation values are not accepted. When an invalid value is used, an error is generated in the Firesvc.log file, similar to the WARNING entries in the following excerpt (the VERBOSE entries show the valid values being added):
01/31/2013 11:49:40 NipsPolicy.cpp[596] VERBOSE (2000) NipsExceptionsBuilder::Add() - nips exception sig[4] = 3700 for [10.10.10.1].
01/31/2013 11:49:40 NipsPolicy.cpp[596] VERBOSE (2000) NipsExceptionsBuilder::Add() - nips exception sig[4] = 3700 for [10.10.10.1-10.10.10.255].
01/31/2013 11:49:40 NipsPolicy.cpp[588] WARNING (2000) NipsExceptionsBuilder::Add() - nips exception Remote IP Address does not contain a valid IP Address or range [10.10.10.0/8].
01/31/2013 11:49:40 NipsPolicy.cpp[588] WARNING (2000) NipsExceptionsBuilder::Add() - nips exception Remote IP Address does not contain a valid IP Address or range [10.*.10.1].
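A pre-check for Remote IP Address values, added here as an example (not McAfee code): it pulls rejected values out of Firesvc.log lines like those above and rewrites a CIDR block as the start-end range the parameter accepts. The function names are hypothetical; IPv4-only input and the start-not-after-end check are assumptions, not documented product behavior.

```python
import ipaddress
import re

# Sample input: one VERBOSE and the two WARNING lines copied from the excerpt above.
SAMPLE_LOG = """\
01/31/2013 11:49:40 NipsPolicy.cpp[596] VERBOSE (2000) NipsExceptionsBuilder::Add() - nips exception sig[4] = 3700 for [10.10.10.1].
01/31/2013 11:49:40 NipsPolicy.cpp[588] WARNING (2000) NipsExceptionsBuilder::Add() - nips exception Remote IP Address does not contain a valid IP Address or range [10.10.10.0/8].
01/31/2013 11:49:40 NipsPolicy.cpp[588] WARNING (2000) NipsExceptionsBuilder::Add() - nips exception Remote IP Address does not contain a valid IP Address or range [10.*.10.1].
"""

REJECTED = re.compile(
    r"WARNING .*Remote IP Address does not contain a valid IP Address or range \[([^\]]+)\]")


def rejected_values(log_text):
    """Return the Remote IP Address values the log reports as rejected."""
    return [m.group(1) for m in map(REJECTED.search, log_text.splitlines()) if m]


def to_accepted_form(value):
    """Return value as a single IP or start-end range, or raise ValueError.

    Assumptions (not from the page): IPv4 only, range start must not exceed end.
    """
    value = value.strip()
    if "*" in value:
        raise ValueError(f"wildcards are not accepted: {value}")
    if "/" in value:
        # strict=True refuses CIDR with host bits set (e.g. 10.10.10.0/8), so an
        # ambiguous entry is never silently widened into a larger exception.
        net = ipaddress.IPv4Network(value, strict=True)
        return f"{net.network_address}-{net.broadcast_address}"
    if "-" in value:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
        if start > end:
            raise ValueError(f"range start is after range end: {value}")
        return f"{start}-{end}"
    return str(ipaddress.IPv4Address(value))


def audit(log_text):
    """Map each rejected value to a suggested range, or to the reason it needs review."""
    report = {}
    for value in rejected_values(log_text):
        try:
            report[value] = to_accepted_form(value)
        except ValueError as exc:
            report[value] = f"review manually: {exc}"
    return report
```

Both rejected values in the sample come back as "review manually": a wildcard has no single equivalent range, and 10.10.10.0/8 could mean either the /8 or the 10.10.10.0 subnet, which is a scoping decision for whoever owns the exception.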
To create a Network IPS exception manually:
- Log on to the ePO console.
- Click Policy Catalog.
- Select Host Intrusion Prevention 8.0:IPS from the Product drop-down.
- Select IPS Rules (All Platforms) from the Category drop-down.
- Click Edit Settings for the IPS Rules policy that you want to change.
- Click the Exception Rules tab.
- Click New.
- Provide an Exception Name.
- Select Enabled for Status.
- Click Add Signatures for the Signatures entry.
- Set the Type filter to Network IPS.
- Select the Network IPS signature to add to the exception and click OK.
NOTE: If no signature is added, the exception applies to all IPS signatures.
- Click New under Parameters.
- In the drop-down list, select (or manually type): Remote IP Address.
NOTE: If the drop-down list does not display, make sure that you have enabled Compatibility Mode within the Internet Explorer browser.
- In the Value section, add a single IP address or an IP address range.
NOTE: Other Remote IP Address parameters can be used in the IPS exception, but make sure that no other parameter names are used, because a Network IPS exception accepts only the Remote IP Address parameter.
- Click OK.
- Click OK again to save the new IPS exception.
- Click Save to save the new exception change to the IPS Rules policy.
You can also create a Network IPS exception from a Network IPS event. When you are viewing a Network IPS event, do the following:
- Open the Actions menu and select New Exception (Host IPS 8.0).
- Select the IPS Rules policy to which you want to add the exception.
- After you add the exception to your IPS Rules policy, modify the new rule to add or remove any additional information as needed.