How can I configure an IPS exclusion list?

08/12/2022 802 People found this article helpful 494,935 Views

Description

This article explains how to configure an Exclusion list in the Intrusion Prevention Service on the firewall.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Click Policy , navigate to Security Services | Intrusion Prevention page.
Navigate to IPS global settings panel.
Select Enable IPS.

4. Click Configure button, the IPS exclusion list dialog appears.

5. Select Enable IPS Exclusion List.

6.Select either the Use Address Object option or the Use Address Range option.

7.If you selected the Use Address Object option, select the address object you want to exclude from the menu.

8.If you selected the Use Address Range option, click Add, the add IPS range entry dialog appears.

9.Enter the IP address range to exclude in the IP address from and the IP address to boxes.

10.Click OK.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Click MANAGE , navigate to Security Services | Intrusion Prevention page.
Navigate to IPS global settings panel.
Select Enable IPS.
Click Configure IPS Settings button, the IPS exclusion list dialog appears.
Select Enable IPS Exclusion List.
Select either the Use Address Object option or the Use Address Range option.
If you selected the Use Address Object option, select the address object you want to exclude from the menu.
If you selected the Use Address Range option, click Add, the add IPS range entry dialog appears.
Enter the IP address range to exclude in the IP address from and the IP address to boxes.
Click OK.
NOTE: It is possible to only exclude only IP addresses on the whole, not specific services (specific port numbers) from being scanned. On the other hand, specific signatures can be disabled to stop the firewall from scanning traffic against them.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Navigate to Security Services | Intrusion Prevention page.
Navigate to IPS global settings panel.
Select Enable IPS.
Click Configure IPS Settings button, the IPS exclusion list dialog appears.
Select Enable IPS Exclusion List.
Select either the Use Address Object option or the Use Address Range option.
If you selected the Use Address Object option, select the address object you want to exclude from the menu.
If you selected the Use Address Range option, click Add, the add IPS range entry dialog appears.
Enter the IP address range to exclude in the IP address from and the IP address to boxes.
Click OK.
NOTE: It is possible to only exclude only IP addresses on the whole, not specific services (specific port numbers) from being scanned. On the other hand, specific signatures can be disabled to stop the firewall from scanning traffic against them.