Specifications
• Match Any − This is an unconditional match for a currently applied VLAN.
• Match Selected − The currently applied VLAN is compared against one or more VLANs selected from the list.
• Exclude Selected − The currently applied VLAN is not one of the VLANs selected from the list.
f. Select the Day and Time Ranges that will result in applying the action for this rule.
Define an action to be taken when the event matches the above rule criteria. You can define one of
three Standard ASM Actions, define a Custom Action or define both a Standard Action and a Custom
Action. When both are defined, ASM will attempt to apply both actions. If either one fails, then the
other action may still be applied.
NOTES:
1. You should take care when defining both a standard and custom action for a rule. The two actions should be independent. For example, you could create a standard action that applies a PVID on a port together with a custom action that runs a script that assumes that the PVID was applied, only to find that the apply PVID failed.
2. With one exception, you can undo actions that have been applied. The exception can occur when two actions are defined within a rule: a standard ASM action and a custom action. If the standard ASM action fails, the custom action will be applied and, if successful, cannot be undone. Under these circumstances, your custom action should be configured to take into account the potential failure of the standard ASM action.
4. Standard ASM Actions:
Select one of three standard ASM actions:
• None − Take no action for this event.
• Disable Port − Disable the port that is the source of the threat. The port can be disabled permanently or for a specific interval depending on the Duration setting.
• Apply Policy − A Policy selected from the list can be applied to the port, either permanently or for a specific interval, depending on the Duration setting.
When the action for a rule is set to Apply Policy and the threat is located on a port on a device that supports Multi−User Authentication (e.g., Matrix DFE), you can apply a policy to a specific MAC address or IP address. This lets you isolate a single user instead of affecting all of the users on the port. You can apply a user−specific policy to an IP address or MAC address instead of changing the port policy. If the threat MAC Address is unique to a particular Threat IP (typically on devices at the edge of your network), select MAC to apply the policy to the MAC address and override its port or dynamic policy. If the threat is on a device at the core of your network and the MAC Address maps to several IP Addresses, select IP to apply the policy to the IP Address and override its port or dynamic policy.
NOTE: Policies applied to a MAC source will override policies applied to an IP source. So, if there is a policy currently applied to a MAC source, applying a policy to an IP source will have no effect.
• Apply PVID − A PVID can be selected from the associated drop−down list and applied to the port. The PVID Egress drop−down list lets you either retain the current PVID egress state by selecting None or change the egress state to Untagged. When Untagged is selected, the PVID is applied and the egress state is set to Untagged. When None is selected, the egress state is unchanged and only the PVID is applied. If you have specified a Discard VLAN as the PVID, selecting None usually means traffic will be discarded.
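The following Python model is an added illustration of the rule semantics described on this page, not code from Enterasys NetSight or the ASM product: it evaluates the three VLAN match modes, attempts a standard and a custom action independently so that one failing does not stop the other, flags the one case that cannot be undone (standard action failed, custom action succeeded), enforces the note that a policy on a MAC source blocks a later policy on an IP source, and shows a custom action written to verify the standard Apply PVID result before proceeding. All class and function names (VlanMatch, PortState, apply_policy, apply_pvid, custom_after_pvid, run_rule_actions) and the port fields are assumptions made for the example.

```python
"""Model of the ASM rule semantics described above (VLAN match modes, independent
standard/custom actions, the undo exception, MAC-over-IP policy precedence).
Constructed illustration only; the names here are assumptions, not ASM APIs."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional, Set


class VlanMatch(Enum):
    ANY = "Match Any"
    SELECTED = "Match Selected"
    EXCLUDE = "Exclude Selected"


def vlan_matches(mode: VlanMatch, applied_vlan: int, selected: Set[int]) -> bool:
    """Evaluate the rule's VLAN criterion against the currently applied VLAN."""
    if mode is VlanMatch.ANY:
        return True                      # unconditional match
    if mode is VlanMatch.SELECTED:
        return applied_vlan in selected  # must be one of the selected VLANs
    return applied_vlan not in selected  # Exclude Selected: must not be one of them


@dataclass
class PortState:
    """Minimal assumed model of what ASM may change on a port."""
    pvid: Optional[int] = None
    egress: str = "None"                                      # "None" keeps egress state
    mac_policy: Dict[str, str] = field(default_factory=dict)  # MAC -> policy
    ip_policy: Dict[str, str] = field(default_factory=dict)   # IP  -> policy


def apply_policy(port: PortState, policy: str, mac: str, ip: str, source: str) -> bool:
    """Apply a user-specific policy to a MAC or IP source; True if it took effect.
    A policy on a MAC source overrides one on an IP source, so applying to the IP
    source while that MAC already carries a policy has no effect."""
    if source == "MAC":
        port.mac_policy[mac] = policy
        return True
    if source == "IP":
        if mac in port.mac_policy:
            return False
        port.ip_policy[ip] = policy
        return True
    raise ValueError(f"unknown policy source {source!r}")


def apply_pvid(port: PortState, pvid: int, egress: str = "None") -> bool:
    """Standard Apply PVID action. egress 'None' leaves the egress state as is,
    'Untagged' sets it; any other value is rejected (simulated failure)."""
    if egress not in ("None", "Untagged"):
        return False
    port.pvid = pvid
    if egress == "Untagged":
        port.egress = "Untagged"
    return True


def custom_after_pvid(port: PortState, expected_pvid: int) -> bool:
    """Custom action written per the note: verify the standard action's result
    before acting, instead of assuming the PVID was applied."""
    if port.pvid != expected_pvid:
        return False                     # standard action did not take; do nothing
    return True                          # proceed with the script's own work


@dataclass
class ActionOutcome:
    standard_ok: Optional[bool]          # None when no standard action is defined
    custom_ok: Optional[bool]            # None when no custom action is defined

    @property
    def undoable(self) -> bool:
        # The one exception: standard action failed, custom action succeeded.
        return not (self.standard_ok is False and self.custom_ok is True)


def run_rule_actions(standard: Optional[Callable[[], bool]],
                     custom: Optional[Callable[[], bool]]) -> ActionOutcome:
    """Attempt both defined actions; a failure of one does not stop the other."""
    def attempt(action: Optional[Callable[[], bool]]) -> Optional[bool]:
        if action is None:
            return None
        try:
            return bool(action())
        except Exception:
            return False                 # a raising action counts as failed
    return ActionOutcome(attempt(standard), attempt(custom))
```

The `custom_after_pvid` check is the design point from the notes: because ASM attempts the custom action even when the standard action failed, a script that reads the port state first avoids acting on a PVID that was never applied, and keeps the rule in the undoable case.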
Automated Security Manager Help
How to Create and Edit Automated Security Manager Rules 61