Setting up a list of excluded computers

Article:HOWTO81159  |  Created: 2012-10-24  |  Updated: 2014-06-17  |  Article URL http://www.symantec.com/docs/HOWTO81159
Article Type
How To


Subject


Setting up a list of excluded computers

You can set up a list of computers for which the client does not match attack signatures or check for port scans or denial-of-service attacks. The client allows all inbound traffic and outbound traffic from these hosts, regardless of the firewall rules and settings or IPS signatures.

You might want to set up a list of computers to exclude from intrusion prevention. Computers might run some legitimate software that intrusion prevention detects as a threat. For example, you might run a vulnerability scanner in your network. Intrusion prevention blocks the vulnerability scanner when it runs. You can exclude the IP address (Source/Destination) of the vulnerability scanner from intrusion prevention detection.

You might also exclude computers to allow an Internet service provider to scan the ports in your network to ensure compliance with their service agreements. Or, you might have some computers in your internal network that you want to set up for testing purposes.

Note:

You can also set up a list of computers that allows all inbound traffic and outbound traffic unless an IPS signature detects an attack. In this case, you create a firewall rule that allows all hosts.

To set up a list of excluded computers

  1. In the console, open an Intrusion Prevention policy.

  2. On the Intrusion Prevention Policy page, click Settings.

  3. If not checked already, check Enable excluded hosts and then click Excluded Hosts.

  4. In the Excluded Hosts dialog box, check Enabled next to any host group that you want to exclude.

    See Blocking traffic to or from a specific server.

  5. To add the hosts that you want to exclude, click Add.

  6. In the Host dialog box, in the drop-down list, select one of the following host types:

    • IP address

    • IP range

    • Subnet

  7. Enter the appropriate information that is associated with the host type you selected.

    For more information about these options, click Help.

  8. Click OK.

  9. Repeat 5 and 8 to add additional devices and computers to the list of excluded computers.

  10. To edit or delete any of the excluded hosts, select a row, and then click Edit or Delete.

  11. Click OK.

  12. When you finish configuring the policy, click OK.



Legacy ID



v8148757_v81626096


Article URL http://www.symantec.com/docs/HOWTO81159


Terms of use for this information are found in Legal Notices