Issue/Introduction:
Only individual IP addresses or circuits can be placed on APM Resource Protection whitelist.Only individual IP addresses or circuits can be placed on APM Resource Protection whitelist.
Cause:
The whitelist in APM Resource Protection allows to define trusted hosts that will not be subject to detection and mitigation. The current implementation accepts up to 100 specific IP addresses:
CBS# configure apm-resource-protection
CBS(conf-apm-res-protection)# enable
CBS(conf-apm-res-protection)# white-list
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.1
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.2
CBS(conf-apm-res-prot-white-list)# ip 192.168.1.3
...
The CLI doesn't allow to configure an IP subnet.
Resolution:
N/A
Workaround
If a large number of hosts behind a single circuit needs to be on the whitelist, consider to put the circuit itself in the whitelist configuration instead of individual hosts:
CBS(conf-apm-res-protection)# white-list
CBS(conf-apm-res-prot-white-list)# circuit dmz