Scanning Policies At The Interface Level - McAfee M-1250 - Network Security Platform Configuration Manual

IPS Configuration Guide version 5.1

McAfee® Network Security Platform 5.1
6

Scanning policies at the interface level

Each interface of a Network Security Sensor can be configured with a different IPS policy.
This is particularly useful if you have deployed a multi-port Network Security Sensor to
protect a variety of network environments. Taking this one step further, each sub-interface
created within an interface can also have a separate IPS policy applied.
At the interface level, IPS policy is inherited from the parent admin domain. This policy can
be changed per interface by performing the steps at Managing the policy applied to an
interface (on page 222). Thus, you can apply a different IPS policy to each port, port pair,
or port cluster. A port cluster is a grouping of multiple Sensor interfaces into one interface
instance. This is useful if you deploy an asymmetrically routed network.
Note 1: For information on port clusters, see Creating an interface group (on page 164).
Note 2: If an interface is allocated to a child admin domain, the interface inherits the policy of its new domain.

The Scanning tab (IPS Settings > IPS Sensor_Name > Interface-x > Scanning) provides the following actions in the IPS Sensor interface level:

- Enabling IPS policies on the interface (on page 222): Change the current IPS policy applied to an interface.
- Customizing one or more DoS policies for an interface (on page 229): Customize DoS policy rules for an entire interface, a specific VLAN or CIDR ID within an interface, or a specific CIDR host within a Dedicated interface or VLAN/CIDR ID.
- Managing Alert Filter association at Interface level (on page 231): Manage alert filters at the IPS Sensor interface level.
- Viewing the applied DoS policies of an interface (on page 232): View the status of DoS policies applied to an entire interface.

Figure 219: Interface: Policy Tab

Note 2: The maximum value in each field is 255. If you enter ".", you are tabbed to next field.
Note 3: Only numerical values between 0-9 are allowed. Special characters are not allowed. Pressing tab after the last field tabs you to select mask field.
Note 4: If you are creating another sub-interface from a CIDR address that has not been allocated, you can check to see which have already been allocated by clicking List of Allocated CIDRs.

Click Finish. The new sub-interface appears in the Sub-Interface List table as well as in the Resource Tree as a node under the interface node within which it was created.

The IPS Sensor_Name node
