cancel
Showing results for 
Search instead for 
Did you mean: 
Arshad
Level 7
Report Inappropriate Content
Message 1 of 2

BlackHole whitelisting

In McAfee Sidewinder 8.2.1 is there any way to bypass my local user IPs from being blackholed due to Policy Violation. Many of my users IPs which have restricted websites access ,  get blackhole only due to their IP going on different unauthorized IPs .  If I bypass local IPs for a specific category like Policy Violation ?

Kindly guide

1 Reply
sliedl
Level 14
Report Inappropriate Content
Message 2 of 2

Re: BlackHole whitelisting

You have to create a new Audit Filter that has 'and not srcip a.b.c.d and not srcip 1.2.3.4' attached to the end of whatever other things you're filtering on (like 'category policy_violation and not srcip a.b.c.d').  Then use that filter in the Attack Responses settings instead of the standard 'category policy_violation' filter.