IP Address Exception set to Never Log - continues to log for IP in this /20 range
We recently upgraded to Big IP ver 220.127.116.11 and have had a couple minor issues along the way.
We have created a new ASM policy and added an "IP Address Exception" to this policy. The exception includes a /20 CIDR (net mask 255.255.240.0). The setting for this IP Exception are as follows:
- Policy Builder: Don't Trust IP
- Brute Force Detection: Include IP
- Learning Suggestions: Ignore IP
- Log Traffic: Never Log
- Block this IP: Policy Default
- IP Intelligence: Include IP
The issue we have is that despite this setting: "Log Traffic: Never Log", we continue to see alerts logged for these IPs. As this is a scanner service we pay for, we wish to prevent this from logging in our TEST environment.
Has anyone had an issue where they were unable to prevent the logging of events despite the IP Address Exception being in place?