CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
I need to allow traffic from a particular host inbound access for some testing. SmartDefense will not allow it through because of the ports and nature of the test. I was wondering if there was a way to allow just this IP address through SmartDefense but still defend against any other traffic? I thought that there was a type of exclusion list that I could add this IP to? I know that I can create this new node, then click on the configure servers field. If I check off web server I can then shut off the protections in the web server tree. This is called Web Intelligence, where I can uncheck what I believe are the SmartDefense options. Does this sound like a way to implement what I need to do?

Last edited by dolphynsafe; 2008-02-08 at 06:55.
Currently there is no "global bypass" for SmartDefense. You can bypass certain hosts on a SD check-by-check basis, but not for all SD checks. I submitted a feature request mid-2007 for this functionality, as we wanted to do this for our Vuln. Assess. appliances, but I am not sure if there has been any traction.

lodown
The following is a way to allow a specific IP to bypass any/all WebIntelligence settings:

If SmartCenter NGX manages a R55 gateway, make all changes to the /opt/CPngcmp/lib/base.def file on the SmartCenter. If SmartCenter NGX manages an NGX gateway, changes should be made to the $FWDIR/lib/asm.def file on the SmartCenter.

Procedure:

1. Prepare a list of IP addresses for which you want to bypass WebIntelligence.
2. Backup the appropriate file (mentioned above) on the SmartCenter Server.
3. Edit the appropriate file on the SmartCenter:
   a. Add the following line to the top of the file to create a variable representing the bypass IP addresses:

      IPList = {<IP1>,<IP2>,<IP3>};

   b. Find the following line:

      #define ACTIVATE_WS_GLOBAL_DEFENSE (tcp, dport in http_services, ADD_INSPECTION(SPII_WEBSEC_ID)) or 1

      Change it to:

      #define ACTIVATE_WS_GLOBAL_DEFENSE (src not in IPList, dst not in IPList, tcp, dport in http_services, ADD_INSPECTION(SPII_WEBSEC_ID)) or 1

   c. Find the following line:

      #define ACTIVATE_WS_SERVER_DEFENSE ( tcp, get from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE

      Change it to the following:

      #define ACTIVATE_WS_SERVER_DEFENSE ( src not in IPList,dst not in IPList,tcp, get from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE

Install the Security Policy on the Security Gateway to activate changes.

Note: You can also use an IP range by using the following syntax:

      IPList = {<IP_start,IP_end>,<IP2_start,IP2_end>}

Note: If the traffic is passing over non-standard HTTP ports, add a user-defined service and mark the protocol type as HTTP in the Advanced Properties tab.

__________________
CEH, CCSE, CISSP
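As an added illustration of the procedure in the post above (this is not the poster's code and not Check Point code), the Python below builds the IPList line and applies the two #define edits to a .def file. It validates every address or range before it is written, so a typo cannot widen the bypass, and it refuses to write anything unless each of the two #define lines is found exactly once, so a version mismatch is caught before the policy is installed. The .def excerpt it works on is constructed for the example; the real file is assumed to contain the two lines verbatim as quoted in the post.

```python
"""Generate the WebIntelligence bypass edits described in the post above.

Added example, not from the original post and not Check Point code. It assumes
the two #define lines quoted in the post appear verbatim in the .def file; the
sample file content below is constructed for illustration.
"""
import ipaddress
import shutil
from pathlib import Path

# Constructed excerpt standing in for $FWDIR/lib/asm.def: only the two #define
# lines are taken from the post, the comment line is filler.
SAMPLE_DEF = """\
// constructed excerpt, not a real asm.def
#define ACTIVATE_WS_GLOBAL_DEFENSE (tcp, dport in http_services, ADD_INSPECTION(SPII_WEBSEC_ID)) or 1
#define ACTIVATE_WS_SERVER_DEFENSE ( tcp, get from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE
"""

# The exact lines the post says to find, and what to change them to.
GLOBAL_OLD = "#define ACTIVATE_WS_GLOBAL_DEFENSE (tcp, dport in http_services, ADD_INSPECTION(SPII_WEBSEC_ID)) or 1"
GLOBAL_NEW = "#define ACTIVATE_WS_GLOBAL_DEFENSE (src not in IPList, dst not in IPList, tcp, dport in http_services, ADD_INSPECTION(SPII_WEBSEC_ID)) or 1"
SERVER_OLD = "#define ACTIVATE_WS_SERVER_DEFENSE ( tcp, get from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE"
SERVER_NEW = "#define ACTIVATE_WS_SERVER_DEFENSE ( src not in IPList,dst not in IPList,tcp, get from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE"


def build_iplist(entries):
    """Return the 'IPList = {...};' line for single IPv4 addresses and
    'start-end' ranges, validating each entry so a typo cannot widen the bypass."""
    items = []
    for entry in entries:
        if "-" in entry:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            if start > end:
                raise ValueError(f"range start after end: {entry}")
            items.append(f"<{start},{end}>")  # range syntax from the post's note
        else:
            items.append(str(ipaddress.IPv4Address(entry.strip())))
    if not items:
        raise ValueError("empty bypass list would exclude nothing")
    return "IPList = {" + ",".join(items) + "};"


def apply_bypass(def_text, entries):
    """Return the edited .def text, or raise if either #define is not present
    exactly once, so the caller never installs a policy that silently left
    WebIntelligence unchanged (or changed more than intended)."""
    if def_text.count(GLOBAL_OLD) != 1 or def_text.count(SERVER_OLD) != 1:
        raise ValueError("expected #define lines not found exactly once; check file and version")
    edited = def_text.replace(GLOBAL_OLD, GLOBAL_NEW).replace(SERVER_OLD, SERVER_NEW)
    # Step 3a: the IPList variable goes at the top of the file.
    return build_iplist(entries) + "\n" + edited


def edit_def_file(path, entries):
    """Steps 2 and 3 of the post: back up the file as <name>.bak, then rewrite it."""
    p = Path(path)
    shutil.copy2(p, p.with_suffix(p.suffix + ".bak"))
    p.write_text(apply_bypass(p.read_text(), entries))


if __name__ == "__main__":
    # Constructed bypass list: one host and one small range.
    print(apply_bypass(SAMPLE_DEF, ["10.1.2.3", "192.168.0.1-192.168.0.10"]))
```

Installing the policy afterwards (the post's final step) is still a SmartCenter action and is not automated here; the point of the script is that the file either gets exactly the two documented changes plus a validated IPList line, or it is left untouched.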