This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2011-05-27 10:13 AM

CRL-00003 and Exceptions

Has anyone modified CRL-00003 (Port Scan Detected) to add an Exceptions list?

 

We have a reverse proxy web server that gets flagged constantly by this rule, indicating a port scan between it and the firewall.  We'd like to tell the rule to ignore that source/destination pair

 

Would adding a Filter to each statement on the first Circuit be a good approach, using Watchlists like "Allowed Scan Source" and "Allowed Scan Destination"?

0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2011-05-30 07:28 PM

I do exactly this with the CRL-00003 rule and it works well.

Just make sure you define the exception filters on each statement on the first circuit (as you said).

You can either use watchlists or just add the source/destination ip addresses individually.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.