The best approach is to use an ACL instead of an alert filter. This approach allows traffic from that vulnerability scanner to be ignored.
Define an ACL with the source IP of the vulnerability scanner:
- Open the Manager and select Policy.
- Expand Intrusion Prevention.
- Select Firewall Policies and click New at the lower right.
- On the Properties tab, enter a Name and Description for your Firewall Policy and click Next.
- Create a Firewall Rule by clicking the Insert New Rule button on the lower left.
- In the Rule Details tab, add a Source Address and click OK.
- Save the Firewall Policy and assign it to the respective Sensor Interface.
For more details about configuring Firewall Policies, see the "IPS Administration" section of the Product Guide for your release.
To apply the configuration update:
- Select Devices and select the Devices tab.
- Choose your Sensor from the drop-down list.
- Click Deploy Pending Changes.
- Select the Configuration & Signature Set option and click Update.
With this configuration, the Sensor bypasses that particular traffic without detection, regardless of which signature set is applied.