1 Reply Latest reply on Jun 4, 2012 4:09 PM by sliedl

    BlackHole whitelisting

    Arshad

      In McAfee Sidewinder 8.2.1 is there any way to bypass my local user IPs from being blackholed due to Policy Violation. Many of my users IPs which have restricted websites access ,  get blackhole only due to their IP going on different unauthorized IPs .  If I bypass local IPs for a specific category like Policy Violation ?

       

      Kindly guide

        • 1. Re: BlackHole whitelisting
          sliedl

          You have to create a new Audit Filter that has 'and not srcip a.b.c.d and not srcip 1.2.3.4' attached to the end of whatever other things you're filtering on (like 'category policy_violation and not srcip a.b.c.d').  Then use that filter in the Attack Responses settings instead of the standard 'category policy_violation' filter.