RSA Admin

CRL-00003 and Exceptions

Discussion created by RSA Admin Employee on May 27, 2011
Latest reply on May 30, 2011 by RSA Admin

Has anyone modified CRL-00003 (Port Scan Detected) to add an Exceptions list?

 

We have a reverse proxy web server that gets flagged constantly by this rule, indicating a port scan between it and the firewall.  We'd like to tell the rule to ignore that source/destination pair

 

Would adding a Filter to each statement on the first Circuit be a good approach, using Watchlists like "Allowed Scan Source" and "Allowed Scan Destination"?

Outcomes