2 Replies Latest reply on May 16, 2014 10:45 AM by bkile1

    ACE configuration documentation

    bkile1

      Is there a good source document to use for ACE configuration. I was hoping to find a source to assist in "tuning" the ACE.  How to whitelist an IP or even a user name? I have not been able to find anything yet to develop more in-depth questions but I hope to....

       

      B

        • 1. Re: ACE configuration documentation
          dcobes

          The answer you don't want to hear....

           

          Tuning via whitelisting is pertty much a case-by-case basis. I suggest utilizing varibles within Policy Editor and Watchlists. To "whitelist" your ip or username, you could make a watchlist called "Good Users" and in the correlations that apply, add in an "AND" statement that says Source User (or) Destination user (depending on your rule) is NOT IN Watchlist "Good Users"

           

          -d

          • 2. Re: ACE configuration documentation
            bkile1

            I have it currently filtering a specific username out via ACE, Correlation Engine, Setting, Filters then appling the a similar watchlist. My goal is to be able to have four watchlists. Those four being source user, dest. user, source IP, dest. IP so all would be filtered. However, I have not been successful with applying the NOT IN rule for all four of the statements. I not sure on if the filter needs to go And then or WL, or WL, or WL, or WL etc. Still in the testing phase at this time.