McAfee® Network Security Platform 5.1
Settings for Suppression
Network Security Platform can be configured to suppress NAC ACL alert generation with
the suppression settings. Within a given time interval, Network Security Platform must
generate a certain quantity of alert logs before the suppression starts. This time interval is
called Suppression Interval. After the Suppression Interval, Network Security Platform can
suppress IPS notifications to McAfee NAC server.
While configuring NAC ACL Logging at the Sensor port level, you can configure the
suppression settings for NAC as well.
To configure the suppression settings in the Manager at the Sensor port level, do the
following:
1
2
3
Sensor port settings for IPS quarantine
To activate IPS Quarantine at the IPS Sensor, you need to select and enable the required
sensor port(s). This is one of the important steps in configuring IPS Quarantine.
Note:
To enable the Network Security Sensor ports for IPS Quarantine, do the following:
1
2
3
4
5
6
In the Resource Tree, select
Logging
.
In the section for suppression, configure the following settings:
Enable Suppression
a.
Suppression Interval
b.
Maximum messages to send before starting suppression
c.
Maximum summary messages sent per suppression interval
d.
Commit Changes
Select
, to save the NAC ACL Settings on the Sensor.
IPS Quarantine is available only for Sensor ports in the inline mode.
From the resource tree, select
From the drop-down, select the Sensor monitoring port where you want to enable IPS
Quarantine.
To configure IPS Quarantine for the selected port using the Wizard, select
Configuration Wizard
.
In the first page of the Wizard, select
Domain level settings for IPS Quarantine to the Sensor port. Note that when you
select this option, the other options in the wizard are grayed out.
If you do not want to inherit the Admin Domain settings, de-select
Note that when you de-select this option, the other options in the wizard are refreshed
and displayed.
IPS Quarantine
In
, configure the following settings:
Enabling IPS Quarantine using the options provided:
a.
IPS Settings > IPS Sensor_Name> > IPS Quarantine> NAC ACL
IPS Settings > IPS Sensor > IPS Quarantine > Port Settings
Use Global Settings
211
The IPS Sensor_Name node
.
Run
, if you want to inherit the Admin
Use Global Settings
.