IPS/IDS rules exeptions per ip / host
Please allow to ability to make IPS/IDS rules exeptions that are only valid for a specific from and/or to host or IP.
The reasons is that sometimes you dont want a global exeption of the IPS/IDS rule because it make sense. But you just want to let that one host or ip through the IPS/IDS.
If this tehnically impossible Honza please let me know and kill this idea, I need my votes ;-)
With friendly regards,
Mark Chappell commented
Being able to whitelist an IP, or range of IPs would be of benefit when having to comply with PCIDSS penetration testing. One of the requirements we have to meet is either whitelisting the scanning companies IP range or turning off IPS, turning off IPS doesn't seem to be the right road to travel down.
Ghislain DAVAL commented
I think that a white-list (host ip based) manual management is mandatory. I might have to disable IPS only because an important partner IP is listed as HOSTILE HOST (they've been hacked several months ago). I tried to contact EmergingThreat to know the process to remove that ip from their list ... but no answer.
Please update Kerio Control.
PS : I've been a Kerio customer since 2000 (Winroute), and I know you can do it.