Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 8271 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS action "Bypass Session" making confusion

Deepak Verma

Dear All,

There is an action in the IPS policy "Bypass Session" and as per documents "Bypass Session - Allows the entire session if detects any traffic that matches the signature." and recommendation for the same is:

"To save resources and avoid latency, set action as “Bypass Session” as in this, if the initial packets match the signature then the rest of the session packets will not be scanned at all."
 
Is he talking about the signatures which are having the default action "Allow" or for all signatures? Why I am asking this question because suppose there is a signature with Critical and default action for this packet is dropped, at this condition what will happen if I will select an action as "Bypass Session"? 
 
 
Regards,
Deepak Kumar


This thread was automatically locked due to age.
Parents
  • 0

    Hi Deepak,

    The action will be taken considering the order of the added rules in the IPS Policy. The scanning will be done in TOP to BOTTOM direction, if there is a drop action rule on the top of bypass action rule then, the signature connection will be dropped.

    Thanks,

Reply
  • 0

    Hi Deepak,

    The action will be taken considering the order of the added rules in the IPS Policy. The scanning will be done in TOP to BOTTOM direction, if there is a drop action rule on the top of bypass action rule then, the signature connection will be dropped.

    Thanks,

Children