Viewing and Deleting Suppression Conditions

You may want to view or delete an existing suppression condition. For example, you can suppress event notification for packets originating from a mail server IP address because the mail server normally transmits packets that look like exploits. If you then decommission that mail server and reassign the IP address to another host, you should delete the suppression conditions for that source IP address.

Procedure

Step 1

Choose Policies > Access Control > Intrusion.

Step 2

Click Snort 2 Version next to the policy you want to edit.

If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 3

Click Rules immediately under Policy Information in the navigation panel.

Step 4

Choose the rule or rules for which you want to view or delete suppressions.

Step 5

You have the following choices:

  • To remove all suppression for a rule, choose Event Filtering > Remove Suppressions.
  • To remove a specific suppression setting, click the rule, then click Show details. Expand the suppression settings and click Delete next to the suppression settings you want to remove.

Step 6

Click OK.

Step 7

To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes.

If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy.

What to do next

  • Deploy configuration changes.