Filter
Top Products
42-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 42 Configuring Attack Response Controller for Blocking and Rate Limiting
Blocking Page
• To edit a device, select it and click the Edit Row button.
• To delete a device, select it and click the Delete Row button.
Step 6 Click the Never Block Hosts and Networks tab and identify the hosts and networks that should never
be blocked. These lists affect blocking actions, but they do not affect limiting actions. Identify your
trusted networks and hosts:
• To add a host or network, click the Add Row button beneath the appropriate table and fill in the Add
Never Block Host or Network dialog box (see Never Block Host or Network Dialog Boxes,
page 42-17).
• To edit a host or network, select it and click the Edit Row button.
• To delete a host or network, select it and click the Delete Row button.
Blocking Page
Use the Blocking page to configure IPS sensor blocking properties. Configure the blocking policy only
if you use the Request Block Connection, Request Block Host, or Request Rate Limit event actions in
your signatures or event actions policies. Blocking hosts are used only for events to which these actions
are assigned.
Tip The list of hosts and networks to never block applies only to the Request Block Connection and Request
Block Host event actions. The list does not affect rate limiting, nor does it affect any of the Deny actions
such as Deny Packet Inline. To exempt hosts and networks from Deny or rate limiting actions, use event
action filter rules, specify the hosts and networks as Attackers, and remove the actions from events. For
more information, see Configuring Event Action Filters, page 39-4.
Navigation Path
• (Device view) Select Platform > Security > Blocking from the Policy selector.
• (Policy view) Select IPS > Platform > Security > Blocking, then select an existing policy or create
a new one.
Related Topic
• Configuring IPS Blocking and Rate Limiting, page 42-7
• Understanding IPS Blocking, page 42-1
• Strategies for Applying Blocks, page 42-3
• Understanding Rate Limiting, page 42-4
• Understanding Router and Switch Blocking Devices, page 42-4
• Understanding the Master Blocking Sensor, page 42-6
• Understanding IPS Event Actions, page 39-2