Views:

Procedure:

Edit Reputation settings

Reputation settings apply to all Reputation filters in a profile.

  1. Select Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo.
  2. Click Edit Settings.
  3. Select Locked to lock the settings for all Reputation filters in the profile.
  4. Select a Filter Matching Address to specify which address of an incoming packet is used when it matches a Reputation filter.
  5. Select a Lookup Packet Handling option to specify what the device should do with incoming packets during a Reputation lookup.
  6. Click OK

Create or edit a Reputation filter

  1. Select Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo.
  2. Do one of the following:
    • Click New Reputation to create a new Reputation filter.
    • Select an existing Reputation filter, and click Edit.
  3. Enter a filter title in the Name field, and then select the Locked check box to prevent the ability to edit the filter.
  4. Select the appropriate block or permit action from the Action Set drop-down list, and select the Enabled check box to enable the filter. If you clear this check box, the Reputation filter will not be distributed to the device.
  5. Provide a brief description or comment about the Reputation filter in the Comments field (Optional).
  6. Click Entry Selection Criteria and specify the following items:
    • Entry Criteria - determines the type of address entries from the Reputation Database to include in the filter.
    •  
      NOTE: If the tag criteria contains Does not have this tag, the SMS sends all entries that do not have this tag category to the device including Reputation DV, geographic, and user-provided entries when you distribute the profile.
  1. Click OK.

Change the precedence of a Reputation or Geographic filter (move up/down)

  1. Select Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo.
  2. Select a Reputation or Geographic filter from the table, and then click the appropriate button:
    • Click Move Up to move the highlighted entry up.
    • Click Move Down to move the highlighted entry down.
  3. The new order is automatically saved.
 
NOTE: By default, the Reputation and Geographic filters display in the order in which they were created, and the Reputation engine matches the first filter and applies the selected action.
 
NOTE: Creating a Geographic filter for a country that has a large range of IP addresses and a significant amount of traffic and selecting the Notify action set can affect the device adversely by the large number of events generated.

Delete a Reputation or Geographic filter.

 
IMPORTANT: Deleting a Reputation or Geographic filter will also remove all data relating to that filter; however, any events that were generated for the filter will still be visible. In circumstances in which you no longer need to deny a country but it is linked to events and reports, it may be better to disable the state of the filter rather than delete it.
  1. Select Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo.
  2. Select a Reputation or Geographic filter from the table, and then click Delete. A dialog appears in which you can confirm the deletion.

Create or edit Reputation filter exceptions.

  1. Go to Profiles > Inspection Profiles > Default > Reputation/Geo
  2. Click the Exceptions tab.
  3. To edit an existing Reputation filter exception (IP, DNS, or URL), select an exception name, and then click Edit.
  4. To create a new Reputation filter exception, click Add.
  5. (Optional) Select Locked if you want to lock the settings.
  6. Type a name for the exception in the Name field.
  7. In the Source IP Address field, do one of the following:
    • Select Any IP to apply the restriction to all traffic sources.
    • Select IP Address, and provide or select an IP address to apply the restriction to that specific source.
  8. In the Destination IP Address field, enter an IP address and do one of the following:
    • Select Any IP to apply the restriction to all traffic destinations.
    • Select IP Address, and specify an IP address to apply the restriction to that specific destination.
  9. Click OK.

Create or edit domain name exceptions

  1. Go to Profiles > Inspection Profiles > Default > Reputation/Geo
  2. Click the DNS Exceptions tab.
  3. To edit an existing domain name exception, select a domain name, and then click Edit.
  4. To create a new domain name exception, click Add.
  5. (Optional) Select Locked if you want to lock the settings.
  6. Type a name for the Reputation domain name in the Name field.
    •  
      IMPORTANT: You must explicitly list each domain name that you want to exclude from the filters. Wildcards, such as an asterisk (*), do not work.
  7.  Click OK.
Keywords: sms, reputation filters, reputation settings, manage reputation filters