Security policy: exception question

L2 Linker

Security policy: exception question

Hi, I'm trying to create a security policy that would block all critical traffic from source zone "A" to destination zone "B". However, I want to allow traffic from a specific IP in zone "A". How can I make an exception to allow that IP? I assume I could create a policy to allow that IP and then one below it to block traffic from that zone, but I would prefer not to do that; it feels like it could be error prone, etc.

Thank you!

L5 Sessionator

Re: Security policy: exception question

Hmm, define 'critical traffic'. Applications with high risk? Critical events from some security profile?

L2 Linker

Re: Security policy: exception question

Sorry, should have elaborated on that part. By critical traffic I meant critical threats. Planning on doing that in the profiles.

L5 Sessionator

Re: Security policy: exception question

I would suggest blocking at least critical events on all traffic, but ok.

Yeah, you have to make a rule for that specific IP first, with the security profile set to alert (or no security profile).

After that rule, you make a rule from zone A to B with a blocking security profile.

L7 Applicator

Re: Security policy: exception question

For a single or a few threats you can add an IP exception in the vulnerability protection profile in the Exceptions tab, but if you want to exclude an IP from all scanning it's better to create a new rule with a different (alert all) profile.

[attachment: exception.png]

reaper - PANgurus.com
I drink and I know things
L5 Sessionator

Re: Security policy: exception question

Ohh, didn't know about 'ip exemptions' query so far.

L7 Applicator

Re: Security policy: exception question

@santonic wrote:

Ohh, didn't know about 'ip exemptions' query so far.

Bonus: you can also add IP exceptions (or policy exceptions) directly from the threat log:

[attachment: exception log.png]

reaper - PANgurus.com
I drink and I know things
L2 Linker

Re: Security policy: exception question

We do block all critical events already, just trying to get a better idea of some things and using a policy for it. I appreciate the help. I think my only option is creating two separate rules.

L4 Transporter

Re: Security policy: exception question

Hi TLineberry,

Use the 'Negate' option.

Create a rule which allows the traffic, like this:

Source Zone = A

Source address = the ones you want to allow AND check the box for 'Negate'

Destination Zone = B

Destination Zone = Allow

Application/Service/Security profile = your choice

Action = Allow

The unwanted IPs would hit the interzone rule, IFF they don't happen to match some other rule.

Hope that helps.

Regards,

Anurag

================================================================
ACE 7.0, 8.0, PCNSE 7
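To make the first-match behaviour behind both suggestions concrete (the two-rule design from earlier in the thread and the single rule with 'Negate' on the source address above), here is a small added example; it is not code from the thread or from Palo Alto Networks. It is a toy rulebase evaluator in Python: the rule fields, the rule names, the profile labels and the address 10.1.1.5 are constructed assumptions that simplify a real security policy, and it models only zones, source address with negate, action and profile. It shows where traffic from the exempted host lands under each design, including the case the answer above flags: with the negated rule alone, the listed host matches nothing and falls to the interzone default.

```python
# Added example (not from the thread or from Palo Alto Networks): a toy first-match
# rulebase evaluator modelling the two designs discussed in the thread. Rule fields,
# names, profile labels and addresses are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source: list = field(default_factory=lambda: ["any"])
    negate_source: bool = False   # the 'Negate' checkbox on the source address
    action: str = "allow"
    profile: str = "none"         # constructed labels: block-critical / alert-all / none

    def matches(self, src_zone: str, dst_zone: str, src_ip: str) -> bool:
        if self.from_zone not in ("any", src_zone):
            return False
        if self.to_zone not in ("any", dst_zone):
            return False
        if "any" in self.source:
            in_set = True
        else:
            ip = ip_address(src_ip)
            in_set = any(ip in ip_network(n, strict=False) for n in self.source)
        # Negate inverts only the address match: the rule then applies to every
        # source in this zone pair EXCEPT the listed addresses.
        return in_set != self.negate_source


def evaluate(rulebase, src_zone, dst_zone, src_ip):
    """First match wins; unmatched interzone traffic hits the implicit default deny."""
    for rule in rulebase:
        if rule.matches(src_zone, dst_zone, src_ip):
            return rule.name, rule.action, rule.profile
    return "interzone-default", "deny", "none"


EXEMPT_HOST = "10.1.1.5/32"   # constructed address of the host to exempt

# Design 1: a specific rule for the host first, the zone-wide blocking rule below it.
TWO_RULE = [
    Rule("allow-exempt-host", "A", "B", [EXEMPT_HOST], profile="alert-all"),
    Rule("A-to-B-block-critical", "A", "B", profile="block-critical"),
]

# Design 2: one rule with the exempt host negated. On its own, the negated host
# matches nothing; a second rule is needed for it to be allowed at all.
NEGATE_ONLY = [
    Rule("A-to-B-block-critical-except-host", "A", "B", [EXEMPT_HOST],
         negate_source=True, profile="block-critical"),
]
NEGATE_PLUS_HOST_RULE = NEGATE_ONLY + [
    Rule("allow-exempt-host", "A", "B", [EXEMPT_HOST], profile="alert-all"),
]


def compare(src_ip: str) -> dict:
    """Return the rule each design selects for a zone-A host talking to zone B."""
    return {
        "two_rule": evaluate(TWO_RULE, "A", "B", src_ip)[0],
        "negate_only": evaluate(NEGATE_ONLY, "A", "B", src_ip)[0],
        "negate_plus_host_rule": evaluate(NEGATE_PLUS_HOST_RULE, "A", "B", src_ip)[0],
    }


if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.1.99"):
        print(ip, compare(ip))
```

Running it shows the exempt host reaching `allow-exempt-host` under the two-rule design and under negate-plus-host-rule, but `interzone-default` under the negated rule alone; every other zone-A host hits the blocking rule in all three layouts. Whichever design you pick on the firewall, the same check applies: look at which rule the exempted host actually matches in the traffic log after the commit, since a source that matches no rule is dropped by the interzone default rather than exempted.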
L2 Linker

Re: Security policy: exception question

This is exactly what I'm looking for. Thank you!!
