Hi, I'm trying to create a security policy that would block all critical traffic from source zone "A" to destination zone "B". However, I want to allow traffic from a specific IP in zone "A". How can I make an exception to allow that IP? I assume I could create a policy to allow that IP and then one below it to block traffic from that zone, but I would prefer not to do that; it feels like it could be error-prone, etc.
For a single threat or a few threats you can add an IP exception in the Vulnerability Protection profile on the Exceptions tab, but if you want to exclude an IP from all scanning it's better to create a new rule with a different (alert-all) profile.
Use the 'Negate' option.
Create a rule which allows the traffic, like this:
Source Zone = A
Source address = the ones you want to allow AND check the box for 'Negate'
Destination Zone = B
Destination Zone = Allow
Application/Service/Security profile = your choice
Action = Allow
The unwanted IPs would hit the interzone rule, IFF they don't happen to match some other rule.
Hope that helps.
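To see how the two replies above fit together before committing anything, here is an added example (not from this thread and not Palo Alto Networks code) that models the rulebase semantics they rely on: top-down first match, the 'Negate' option on the source address, and the implicit interzone-default deny at the bottom. The zone names, the exempt host 10.1.1.5, and the profile names "block-critical" and "alert-all" are assumptions chosen for illustration. It shows the caveat in the reply: with only the negated rule, the exempt host falls through to interzone-default and is denied, so a second rule with the alert-only profile is still needed below it.

```python
"""First-match security-policy evaluator modelling the 'Negate' approach.

Constructed example, not PAN-OS code. It reproduces the rulebase semantics
the replies depend on (top-down first match, source-address negate, implicit
interzone-default deny) so the fall-through behaviour of the exempt IP can be
checked before a real policy is committed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source: List[ipaddress.IPv4Network] = field(default_factory=list)  # [] means 'any'
    negate_source: bool = False
    action: str = "allow"          # "allow" or "deny"
    profile: Optional[str] = None  # vulnerability-protection profile name, None = no profile

    def source_matches(self, src_ip: ipaddress.IPv4Address) -> bool:
        in_list = not self.source or any(src_ip in net for net in self.source)
        # 'Negate' inverts only the address match; zone matching is unaffected.
        return (not in_list) if self.negate_source else in_list

    def matches(self, src_zone: str, dst_zone: str, src_ip: ipaddress.IPv4Address) -> bool:
        return (self.from_zone == src_zone and self.to_zone == dst_zone
                and self.source_matches(src_ip))


# Implicit rule at the bottom of every rulebase: traffic between different zones is denied.
INTERZONE_DEFAULT = Rule(name="interzone-default", from_zone="*", to_zone="*", action="deny")


def evaluate(rulebase: List[Rule], src_zone: str, dst_zone: str, src_ip: str) -> Rule:
    """Return the first rule that matches, or the implicit interzone default."""
    ip = ipaddress.IPv4Address(src_ip)
    for rule in rulebase:
        if rule.matches(src_zone, dst_zone, ip):
            return rule
    return INTERZONE_DEFAULT


def decision(rulebase: List[Rule], src_ip: str,
             src_zone: str = "A", dst_zone: str = "B") -> Tuple[str, str, Optional[str]]:
    """(rule name, action, profile) applied to a flow from src_ip."""
    rule = evaluate(rulebase, src_zone, dst_zone, src_ip)
    return rule.name, rule.action, rule.profile


# Hypothetical exempt host in zone A (assumption for this example).
EXEMPT_HOST = ipaddress.IPv4Network("10.1.1.5/32")

# The rule from the 'Negate' reply: every A-to-B source except the exempt host,
# allowed and scanned with the strict profile that blocks critical threats.
SCANNED_RULE = Rule(name="A-to-B-scanned", from_zone="A", to_zone="B",
                    source=[EXEMPT_HOST], negate_source=True,
                    action="allow", profile="block-critical")

# The rule the exempt host needs in order to be allowed at all, with the
# alert-all profile suggested in the first reply. It can sit below the scanned rule.
EXEMPT_RULE = Rule(name="A-to-B-exempt", from_zone="A", to_zone="B",
                   source=[EXEMPT_HOST], action="allow", profile="alert-all")

NEGATE_ONLY = [SCANNED_RULE]
NEGATE_PLUS_EXEMPT = [SCANNED_RULE, EXEMPT_RULE]


if __name__ == "__main__":
    for label, rulebase in (("negate only", NEGATE_ONLY), ("negate + exempt", NEGATE_PLUS_EXEMPT)):
        for host in ("10.1.1.20", "10.1.1.5"):
            print(f"{label:16} {host:10} -> {decision(rulebase, host)}")
```

Run it and the "negate only" rulebase shows 10.1.1.20 matched by A-to-B-scanned while 10.1.1.5 lands on interzone-default with action deny; only the second rulebase gives the exempt host an allow with the alert-all profile. The same fall-through is what the reply means by "IFF they don't happen to match some other rule": whatever rule sits below the negated one, or the interzone default if none does, decides the exempt host's fate.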