Hello guys, I found this link to whitelist an IP.
It has this syntax:
This document shows how to white list for this specific Sceen filter. You would use this only after you have found that a legitimate host performing an approved application was hitting this specific Screen (tcp syn-flood).
You would use this if you have a high volume application that might trigger the tcp syn check but is legitimate and you don't want to increase the limit to add risk from other servers and you don't want the syn check delay from the server you know will hit the limit.
Thanks spuluka, I never understand the link properly.
Thank you so much for the explanation.
I think might be useful for some pen testing? Or not?
It would depend on the purpose of the pen test. If the pen test is for the purpose of testing outsider access to the infrastructure and the effectiveness of the defense, then you would not want to white list the testing ip address.
But if the purpose is to test the servers themselves, then you would want to disable the screens that would apply for the pen testing ip address.
Thanks for the insights..