[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Exempt Rulebase

The exempt rulebase works in conjunction with the IPS rulebase to prevent unnecessary alarms from being generated. You configure rules in this rulebase to exclude known false positives or to exclude a specific source, destination, or source/destination pair from matching an IPS rule. If traffic matches a rule in the IPS rulebase, the system attempts to match the traffic against the exempt rulebase before performing the action specified. Carefully written rules in an exempt rulebase can significantly reduce the number of false positives generated by an IPS rulebase.

Note: Make sure to configure the IPS rulebase before configuring the exempt rulebase.

Table 91 summarizes the options that you can configure in the exempt-rulebase rules.

Table 91: Exempt Rulebase Options

Term

Definition

Match condition

Specify the type of network traffic you want the device to monitor for attacks in the same way as in the IPS rulebase. However, in the exempt rulebase, you cannot configure an application; it is always set to any.

Attack objects/groups

Specify the attack objects that you do not want the device to match in the monitored network traffic.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]