Device Filtering for Syslog exclusion
I currently have a device on my network pinging a public DNS server every two minutes in order to check that it still has Internet connectivity. This is a closed device I am unable to stop the pinging. So, I would like to configure the sonic wall to filter out this device from recording any IPS attempts at an echo reply attack. An example below:
how would I go about doing this?
Thank you so much for you help!
Best Answers
-
Arkwright Community Legend ✭✭✭✭✭
I know this is not the answer to your question but I suggest you disable this IPS alert entirely. ICMP echo is not a threat and these events are just noise.
If you want to specifically exclude this device:
Intrusion Prevention > Signatures > [edit the signature] > Excluded IP Address Range
1 -
bpelleti Newbie ✭
Thank you. I took your second recommendation, and I appreciate it. Have a great day!
0