06-07-2018 12:42 PM
What does host type(server/client) in profies
and track by source / source and destinantion signify
06-12-2018 08:17 AM
Okay so this one is simply if you want to block the IP address as a whole, or if you want to only block it from hitting that particular server.
Say for example I have a web-server that is going to serve as the destination that is identified and then '8.8.8.8' will serve as my 'Source' or 'Attacker' in this example. If I select 'Track By: Source' and this profile trips it will simply block '8.8.8.8' across my network. If I select Track By: Source and Destination' then it'll only block the IP from hitting that destination IP, or in this case it will only block '8.8.8.8' from hitting the one web-server.
Hopefully that helps.
06-07-2018 01:49 PM
The host type is simply which side of the connection you want to limit the profile too, or if you simply want to apply it to either side. In certain instances you may want to only look at the server side connection, or you may only want to look at the client side depending on the profile you are configuring and where you are using it.
As for the second part of your question you'll have to clarify where you are seeing this in a profile? This is an option when configuring DoS Protection Policies when you configure a Classified policy as you need to know which address to act/look at. If you select source-ip-only then it will only look at connections and act on the source IP address. If you select src-dest-ip-both then you would monitor all connections and the action would apply to both the source and destination IPs. Again if you are speaking strictly about profiles you would have to point out where exactly you are seeing this option.
06-12-2018 08:04 AM
@BPry Its in the vulnerability prifiles only if action is se;lected to block.
06-12-2018 08:17 AM
Okay so this one is simply if you want to block the IP address as a whole, or if you want to only block it from hitting that particular server.
Say for example I have a web-server that is going to serve as the destination that is identified and then '8.8.8.8' will serve as my 'Source' or 'Attacker' in this example. If I select 'Track By: Source' and this profile trips it will simply block '8.8.8.8' across my network. If I select Track By: Source and Destination' then it'll only block the IP from hitting that destination IP, or in this case it will only block '8.8.8.8' from hitting the one web-server.
Hopefully that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
