Considerations for configuring APM Resource Protection whitelist
Article ID: 167977
Updated On:
Products
XOS
Issue/Introduction
Only individual IP addresses or circuits can be placed on APM Resource Protection whitelist.Only individual IP addresses or circuits can be placed on APM Resource Protection whitelist.
Cause
The whitelist in APM Resource Protection allows to define trusted hosts that will not be subject to detection and mitigation. The current implementation accepts up to 100 specific IP addresses:
CBS# configure apm-resource-protection
CBS(conf-apm-res-protection)# enable
CBS(conf-apm-res-protection)# white-list
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.1
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.2
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.3
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.3
...
The CLI doesn't allow to configure an IP subnet.
The CLI doesn't allow to configure an IP subnet.
Resolution
N/A
Workaround
If a large number of hosts behind a single circuit needs to be on the whitelist, consider to put the circuit itself in the whitelist configuration instead of individual hosts:
CBS(conf-apm-res-protection)# white-list
CBS(conf-apm-res-prot-white-list)# circuit dmz
Feedback
Powered by
