How to Disable Signatures for a Specific Host
33696
Created On 09/25/18 18:02 PM - Last Modified 06/08/23 02:53 AM
Resolution
Overview
This document describes the steps to disable signatures for traffic for a specific host(s).
Steps:
- Navigate to Objects > Security Profiles > Vulnerability Protection.
- Create a new Profile or edit an existing one.
- Under Exception check the "Show all signatures" and than filter the needed signature (for example 30042).
- The default action for this signature is "reset-both". However, for the IP address 10.10.10.10, an exception is created and will not reset the connection when there is a match to the signature, but will allow the traffic. This is done by clicking on the IP Address Exemption Field, adding the IP address in the form, and changing the action to allow. If the exception is needed for multiple IP addresses, add them also in the form. Notice that the count in the IP column will increase.
Don't forget to check the Enable column, so that the exception is enabled for that Vulnerability Profile. - After the change, verify that the change took effect. Under the Profile itself, there should be an increase count in the exception part.
- If this is a new Vulnerability Profile, add it to the applicable security rule.
Note: Vulnerability profile was used in the example above, but the same steps can also be applied to spyware profiles.
owner: ialeksov