Technical Documentation

Exempt Rulebase Example: Exempting a Source Destination Pair

Suppose your security policy implementation has scheduled phases: phases in which your security team probes your internal network for vulnerabilities and you want IDP to generate logs, and phases in which your security policy is in place and you want to exclude security team traffic from the logs that IDP generates. To support these alternating phases, you can create an Exempt rulebase rule and toggle it off and on.

To create an Exempt rulebase rule:

  1. Create address objects that contain the security team IP addresses and the protected servers.
  2. Add the Exempt rulebase to your security policy.
  3. Add a rule that specifies the source/destination match condition to exempt.
  4. Add the All group of attack objects.

Figure 1 shows an Exempt rulebase rule.

Figure 1: Exempt Rulebase Rule


To toggle the rule off, right-click it and select Disable.


Published: 2010-01-12