I would like to know if there's a way from McAfee NSM to block specific attack from specific source or destination address. As I know using IPS policy, we can block an attack, but it is regardless on the source or destination address. And using firewall policy, we can do the blocking from specific source or destination address, but we cannot specify the attacks to be blocked.
Thanks in advance!
in the normal policy settings you can not have different response types. You can create a sub-interface for the specific IPs using interface type CIDR and change the repsonse type of the specific attacks to "blocking". If the specific IPs and the specific attacks don't overlap, you have to create a sub-interface for every single IP which is quite intricate.
Hope this helps.