TippingPoint recommends configuring the management port on the TPS to use a non-Internet-routable IP address from the RFC 1918 private address space. This helps prevent direct attacks on the management port from the Internet. Additionally, the management port IP address filter feature should be used to limit access to the management port: only addresses defined by the ip-filter command are allowed to reach the TPS. Host IP filters are essentially ACLs on the management port of the TPS.
When the TPS is initially configured, the default security policy is "permit any". Once you establish a host IP filter, whether it is a permit or a deny, the default IP filter becomes "deny any" (the old legal idea that the inclusion of one is the exclusion of all others). If you are configuring this via SSH rather than the console, the first rule you must add is a permit for the IP address you are connecting from; otherwise you will inadvertently deny your own IP access to the management port.
"Management interface under attack": this message appears when too much of the traffic arriving on the management port was not addressed to the management IP address, for instance an excessive amount of broadcast traffic.
| Command | Comment |
| --- | --- |
| ip-filter (allow\|deny) (https\|icmp\|snmp\|ssh\|ip) [ip] | Permits or denies communications with the management port from specified IP addresses. |
| tps {running-mgmt} ip-filter allow ip 192.168.1.32/32 | Limit management port access to one host IP. |
| tps {running-mgmt} ip-filter deny ip 192.168.1.32/32 | Remove host access from one IP to the management port. |
| tps {running-mgmt} ip-filter allow ip 192.168.1.0/24 | Limit management port access to one subnet. |
| tps {running-mgmt} ip-filter deny ip 192.168.1.0/24 | Remove subnet access to the management port. |
| tps {running-mgmt} ip-filter allow default | Restore the default action back to "permit any". |
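The following is an added example, not TippingPoint code: it models the ip-filter behaviour described above (permit any with no filters, default deny once any filter exists) so an administrator can check a planned rule set for self-lockout and for a non-RFC 1918 management address before committing it over SSH. The precedence of an explicit deny over an overlapping allow, and the reading that a filter on "ip" covers every service, are assumptions not stated on this page.

```python
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 blocks the page recommends for the management IP address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class IpFilter:
    action: str                      # "allow" or "deny"
    service: str                     # https | icmp | snmp | ssh | ip
    network: ipaddress.IPv4Network   # source network the filter applies to


def is_rfc1918(ip: str) -> bool:
    """True if the address sits in RFC 1918 space (not routed on the Internet)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_filter(line: str) -> IpFilter:
    """Parse one line such as 'ip-filter allow ssh 192.168.1.32/32' (CLI prompt already stripped)."""
    parts = line.split()
    if len(parts) != 4 or parts[0] != "ip-filter" or parts[1] not in ("allow", "deny"):
        raise ValueError(f"unrecognised ip-filter line: {line!r}")
    if parts[2] not in ("https", "icmp", "snmp", "ssh", "ip"):
        raise ValueError(f"unknown service in: {line!r}")
    return IpFilter(parts[1], parts[2], ipaddress.ip_network(parts[3], strict=False))


def mgmt_access_allowed(filters, src_ip: str, service: str) -> bool:
    """No filters configured -> permit any; any filter configured -> default deny.
    Assumption (not on the page): explicit deny beats explicit allow, and 'ip' covers all services."""
    if not filters:
        return True
    addr = ipaddress.ip_address(src_ip)
    hits = [f for f in filters if addr in f.network and f.service in ("ip", service)]
    if any(f.action == "deny" for f in hits):
        return False
    return any(f.action == "allow" for f in hits)


def review_config(mgmt_ip: str, filters, admin_ip: str, service: str = "ssh") -> list:
    """Warnings to read before committing: management IP outside RFC 1918, or the admin's
    own session would lose access once the filters take effect."""
    warnings = []
    if not is_rfc1918(mgmt_ip):
        warnings.append(f"management IP {mgmt_ip} is not in RFC 1918 private space")
    if not mgmt_access_allowed(filters, admin_ip, service):
        warnings.append(f"{admin_ip} would lose {service} access to the management port")
    return warnings


# Constructed sample rule set: allow the management subnet, but deny one host in it.
SAMPLE_RULES = [parse_filter(l) for l in ("ip-filter allow ip 192.168.1.0/24",
                                          "ip-filter deny ip 192.168.1.32/32")]
```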