This discussion has been locked.

Traffic blocked for no reason

Hi Guys

I am seeing A LOT of events in my log viewer about "TCP timestamp is missing"

this is coming from my internal LAN and going to the internal LAN (VLAN to VLAN)

the firewall rule that is referenced in the log viewer points to rule 11

in rule 11 I have absolutely nothing configured that might block the traffic.

no IPS, no web filter...nothing:

 

this rule is set to allow all internal traffic from all vlans to all vlans.

so...what is blocking this traffic i see in the log viewer???

 

thanks guys!



  • Hi

    that's exactly what I ended up doing and it seems to solve the issue...but...

    this command disables the IPS ability to look for anomalies,

    and at the end of the day...looking for anomalies is the whole point of IPS

    that's what IPS is supposed to do - look for anomalies!

    disabling this feature - really misses the whole point of having IPS

  • Hi Avi,

    IPS would still work, all you would need is to apply an IPS policy on the firewall rule that the traffic traverses and manage the signatures if they cause some traffic to drop. Pre-processing at the moment is not configurable.

  • Hi

    I have to circle you back to the initial comment on this post.

    the firewall rule that caused the internal traffic to be flagged and dropped had no IPS policy on it.

    it was a firewall that allows all internal traffic between all vlans and had no web policy, no IPS, no application policy. none!

    and still traffic was blocked!