Configure TPS Global IP Address Limits and Exceptions via the LSM!

Summary

Limits and exceptions change the way filters are applied based on IP address. For example, you can specify a limit setting so that filters only apply to specific source and destination IP addresses or address ranges. If a filter has both global and filter-level exception settings, the Threat Suppression Engine (TSE) uses the filter-level settings to determine how to apply the filter. You can configure the following limit and exceptions from the LSM:

Filter Exceptions (specific): Allows traffic that would normally trigger a filter to pass between specific addresses or address ranges without triggering the filter. Configured from the Filter Edit page, these exceptions apply only to the filter where they were configured.

Limit Filter to IP Addresses (global): Only apply filters to traffic between specified source and destination IP address pairs. You can configure IP address limits that apply to all the following filter types: Application Protection, Traffic Normalization, and Network Equipment Protection filters. You can configure separate limits that apply only to Performance Protection filters.

Exceptions (global): Exclude traffic between specified source and destination IP address pairs. You can configure exceptions for the following filter types: Application Protection, Traffic Normalization, Network Equipment Protection, and Performance Protection filters. These exceptions are global for all specified filters.

Details

How To: Configure Global IP Address Limits and Exceptions

From the LSM menu, click Policy > Profiles > IPS.
On the IPS Profiles section, double-click on the name of the security profile that you want to edit.
In the Limits/Exceptions section, add IP addresses to Application Protection Filter Exclusives, Application Protection Filter Exceptions, and Performance Protection Filter Exclusives:
1. Enter the Source Address. Source and Destination IP Addresses can be entered in CIDR format, as "any", or as *.
2. Enter the Destination Address.
3. Click Add to table below.
4. Repeat this process for each IP address exception required.
Click Apply.

How To: Delete a Global Limit/Exception Setting

From the LSM menu, click Policy > Profiles > IPS.
On the IPS Profiles section, double-click on the name of the security profile that you want to edit.
In the Limits/Exceptions section, review the global limit and exception address entries.
Click Delete to delete an entry.
Click Apply.

Reference: Local Security Manager User's Guide

Rating:

Category:

Configure; Troubleshoot; Deploy

Solution Id:

TP000088713

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

Configure TPS Global IP Address Limits and Exceptions via the LSM!