I'm new with McAfee IPS. hope anyone can help me. i like to run a pentest on one of the server via the McAfee IPS. question is, how do i allow the traffic to pass thru the IPS? if i allow the traffic, am i still able to inspect and show the event? can IPS do a packet trace?
Solved! Go to Solution.
I asume you want to unfileter all
- Login to NSM
- Click/Go to "Configure"
- Click on "IPS Settings" tree
- Click on "ACL" tab
- Click on "ACL Editor" to create your ACL (pentest Ip)
- Then click on "ACL Assignments" to assign the ACL
ACL is higher filtering level if you're permit it then the IP will be exclude from checking so it's will not shown
If you want to filter for specific alerts ONLy then.. go to Configure | IPS Settings then
- Alerts Filters
- create alrts filter in Alert Filter Editor and assigned the Alert Filter in Alert Filter Assignment for any port/IPS
With Alert Filter you can configure on how the alerts/signature handle the traffic should it be pass/block etc..