This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Large number of false positive 'Misc' Network Attacks

Hi,

I am receiving a large number of false positive network attacks under the Misc category, i cant seem to locate the particular signature name when browsing through the IPS policies. Is there anything i can do about these? The traffic is coming from a Citrix Netscaler in the DMZ zone going to Windows AD servers / DNS servers in the LAN zone and the firewall rule i currently have applied for this rule has no intrusion prevention policy applied to it, so i am not sure why this traffic is being dropped.

This thread was automatically locked due to age.

0 sachingurung over 8 years ago

Hi Michael,

Check #1 in my guide. Verify if the the traffic is forwarded from the exact Rule ID and if there is any drops captured in the backend logs.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel