‘Answer & Explanation
Correct Answer
1. Choose Configuraton->Policies->Event Action Rules->rules0->Event Action Overrides
2. Check Use Event Action Override box
3. Choose Target Value Rating
4. Delete whatever is there - since you cannot edit, only add and delete
5. Add: there choose Mission Critical, range of IP addresses 172.16.1.3-172.16.1.4
6. Click OK, then Apply
7. Go to Event Action tab
8. Delete whatever is there (Deny Packet Inline for RR >=90)
9. Add Deny Packet Inline for the range of 80 to 100 (Minimum and Maximum fields). Enabled and Active shoul
10. OK and Apply
11, Now go to rules0-> Event Action Filters and Add new one
12. Enter filter name - for example, PermitMS
13. Change Attacker Address field to 10.0.1.12
14. Change attacked destionation adresses to 172.16.1.3-172.16.1.4
15. Choose Deny Packet Inline from the actions to substract
16. OK and Apply