IP Address Exception: How does a policy manage conflicting exceptions

Question

Goal: For 10.0.0.0/8 range
- Do not block (can add IP Address Exception for ASM Policy)
- Learn (Can note learning in IP Exception setup)
- BUT, for specific 20 IP in 10.0.0.0/8, Turn OFF learning (but do not block) as allowed vulnerability scanner.
Unsure how asm policy would manage if exceptions conflict.  Any suggestions for implementing this scenario? Thank you.&nbsp;

simon_blakely · Answer

From the help notes for ASM IP Address Exceptions&nbsp;

Note: If an IP address belongs to more than one range (using netmasks) so that there are overlapping IP address ranges, and one IP address is configured as Enabled on any setting on this screen, while another is configured as Disabled, the Enable action takes priority over the Disable action.&nbsp;

check1t_282465 · Answer

Thanks for the clarification. &nbsp;

boneyard · Answer

if you feel it was the correct answer please flag it as such.&nbsp;

Forum Discussion

IP Address Exception: How does a policy manage conflicting exceptions

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

ASM IP Exceptions

Ansible Error: An exception occurred during task execution

iControl 101 - #05 - Exceptions

except ip from asm logging

Lightboard Lessons: ASM Exceptions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS