Vulnerability Exception Based Upon Source or Destination IP Address to change the default behavior

Details

Creating a vulnerability exception will add a particular exception for all the traffic specified on the security rule, this will function globally for all the IP addresses specified in the subnet called under that rule. However, it is possible to narrow the scope of this exception for be applied to only one particular source or destination IP via IP Address Exemptions.

Using the IP Address Exemptions column in a Vulnerability threat exception will add IP address filters to a threat exception. In simple words, only the IPs in IP exemption will execute the action in the threat exception, and everything else will behave as expected on the Vulnerability Protection profile. 

Steps

1. Inside of the WebGUI, go to Objects > Security Profiles > Vulnerability Protection > click on the Exceptions tab, ensure the "Show all signatures" is checked and enter the Threat ID and click Enable. In the IP Address Exemption column, click inside the blank field to open the IP Address Exemptions Window. From here, add both the Source and Destination IP addresses to be exempted on the exception list. Then change the action on the threat exception you want to implement for the selected IPs (so if you are whitelisting these IPs 'alert' or 'allow' as an example).

-Please note: the action configured for a particular threat ID within the "Exceptions" tab will supersede the action configured within the "Rules" tab of the vulnerability protection profile. reference: Link

For more information on configuring exceptions, please see:

How to Use Anti-Spyware, Vulnerability and Antivirus Exceptions to Block or Allow Threats

owner: dantony