IPS Quarantine Configuration in Admin Domain - McAfee M-1250 - Network Security Platform Configuration Manual

IPS configuration guide version 5.1

McAfee® Network Security Platform 5.1
Managing IPS settings

- The traditional ACLs permit certain traffic from a given host and are configured for IPS Quarantine. The traffic is routed through the IPS Quarantine NAZ ACLs, and if the quarantine ACL drops the traffic, the traffic is dropped. Thus, the IPS Quarantine drop takes precedence over a traditional ACL permit action.
- The traditional ACLs are configured to drop certain traffic from a host that is IPS quarantined. Such traffic is dropped even when the quarantine NAZ ACLs would indicate a permit for it. Thus, the traditional ACL drop takes precedence over the IPS Quarantine permit action.
- The traditional ACLs are configured to drop certain traffic from the host, but the host IP is part of the exclusion list. The traffic is still dropped. The ACL drop overrides any exclusion list.

Note:
The exclusion list only indicates that the excluded hosts do not undergo IPS Quarantine; it does not prevent them from being subjected to traditional IPS ACL rules.

IPS Quarantine with alert filters and exclusion

- When an alert filter is enabled, no IPS Quarantine action occurs; that is, the host is not quarantined.
- If an IP address is part of the exclusion list, the host is not quarantined, but its traffic is still subjected to traditional ACLs.

IPS Quarantine configuration in Admin Domain

You can configure the global IPS Quarantine settings from the Admin Domain. If required, the IPS Sensor can inherit these settings.
From the Admin Domain, the following IPS Quarantine configurations are available:

- Creating network objects for IPS Quarantine (on page 115)
- Adding Network Access Zones for IPS Quarantine (on page 116)
- Configuring Syslog messages for IPS Quarantine (on page 119)
- Customizing IPS Quarantine browser messages (on page 120)
- Configuring Remediation Portal from IPS Settings (on page 121)
- IPS Quarantine configuration using Wizard (on page 122)
- Summary of IPS Quarantine configurations (on page 123)

Note:
The configurations for the above tabs are reflected in the respective tabs in NAC Settings > Network Access Setup. For example, the configurations for Network Access Zones from IPS Settings > IPS Quarantine > Network Access Zones are reflected in NAC Settings > Network Access Setup > Network Access Zones.

Creating network objects for IPS Quarantine

Network objects provide a convenient way of grouping together IP addresses, VLAN, CIDR or MAC addresses.
To configure network objects from the Manager, do the following:
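
Added example, not part of the McAfee manual: a small Python model of the precedence rules this page states for traditional ACLs, IPS Quarantine NAZ ACLs, alert filters and the exclusion list, with the exclusion list expressed as a network object of IP addresses and CIDR blocks. The names NetworkObject, is_quarantined and verdict, the reason strings and the sample addresses are assumptions made for illustration; none of them is a Network Security Platform API.

```python
# Added example: a model of the precedence rules on this page, not McAfee code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NetworkObject:
    """Hypothetical stand-in for a network object; models IP and CIDR members only."""
    name: str
    members: tuple

    def contains(self, host: str) -> bool:
        addr = ip_address(host)
        return any(addr in ip_network(m, strict=False) for m in self.members)


def is_quarantined(host, attack_detected, alert_filter_enabled, exclusion_list):
    """Quarantine needs a detected attack, no alert filter, and a non-excluded host."""
    if not attack_detected or alert_filter_enabled:
        return False
    return not any(obj.contains(host) for obj in exclusion_list)


def verdict(host, traditional_acl, naz_acl, *, attack_detected=True,
            alert_filter_enabled=False, exclusion_list=()):
    """Return (action, reason) for traffic from host; a drop in either layer wins."""
    if traditional_acl == "drop":
        # Holds for quarantined and excluded hosts alike.
        return "drop", "traditional-acl-drop"
    if is_quarantined(host, attack_detected, alert_filter_enabled, exclusion_list):
        if naz_acl == "drop":
            return "drop", "quarantine-naz-drop"
        return "permit", "quarantined-naz-permit"
    return "permit", "not-quarantined"


# Constructed sample data (documentation address ranges, not from the manual).
EXCLUDED = NetworkObject("mgmt-hosts", ("192.0.2.0/28", "198.51.100.7"))
CASES = [
    ("203.0.113.9", "permit", "drop", {}),
    ("203.0.113.9", "drop", "permit", {}),
    ("192.0.2.5", "drop", "permit", {"exclusion_list": [EXCLUDED]}),
    ("192.0.2.5", "permit", "drop", {"exclusion_list": [EXCLUDED]}),
    ("203.0.113.9", "permit", "drop", {"alert_filter_enabled": True}),
]

if __name__ == "__main__":
    for host, trad, naz, opts in CASES:
        print(f"{host:<13} trad={trad:<6} naz={naz:<6} {list(opts)} ->",
              verdict(host, trad, naz, **opts))
```

The fourth case is the one to check when auditing an exclusion list: an excluded host is never quarantined, so a NAZ ACL drop never applies to it and only the traditional ACLs constrain its traffic.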
