Create or edit a filter exception

When you create a filter exception, you exclude the IP address group from being the target of the action set for the selected filters. The filter exception applies only to the selected filter; it does not globally affect all filters.

Important

The SMS restricts the number of IP addresses used in filter exceptions, restrictions, and quarantined access for a profile to 65,536. If a profile exceeds this limit, you cannot distribute the profile. This limit promotes better performance for your system. Saving and distributing too many filter changes to a device at one time can cause problems with performance, out-of-memory errors, and fallback mode for High Availability (HA).

Procedure

Select Profiles → Inspection Profiles, and search for or locate the filter you want to edit.
Click Add Exception.
Enter a Name for the exception.
Under Source IP Address, do one of the following:
- Select Any IP to indicate that traffic flowing from any IP address will not be inspected by this filter.
- To create an unnamed IP address group, select IP Address and specify an IP address.
  After you create the filter exception, select Admin → Named Resources → IP Address Groups → Show Unnamed Items to view this IP address group.
- To select (or create) a named IP address group, click the Right arrow next to the IP Address field.
  From here, you can search for, select, or create a new IP address group. For more information, see Named resources and Create or edit named resource groups.
  
  Traffic flowing from the specified source will not be inspected by this filter.
Enter the Destination IP Address.
Follow the same guidelines for the Source IP Address.
Click OK.