Hi
I found an issue with exceptions on IPS.
Consider this environment:
Nessus---Internet---ASG---DMZ---FTPserver
The FTPserver is published with DNAT.
The IPS configuration of ASG is:
- Protection of Internal Network (DMZ)
- Enabled all attack patterns with all extra-warnings.
- Anti-Portscan enabled.
- One exception defined = No Intrusion Protection from IP=5.6.7.8 to FTPserver.
The IP of Nessus is 1.2.3.4.
When Nessus performs its penetration tests against the FTP server, the ips.log doesn't report any intrusion attempts, only port scan attempts.
In fact, the IPS doesn't protect the internal FTPserver but I want to disable IPS only from 5.6.7.8 !
If I disable the exception rule, the IPS works and it protects my FTPserver showing the intrusion attempts on ips.log but this can create problems when I came from 5.6.7.8.
This is a big problem and pratically the IPS exceptions doesn't work.
The same issue also affects the 7.30x version!
Guest User!
You are not Sophos Staff.
