There is nothing at all in the IPS log when I turn it on and off. When I turn on IPS, the wireless AP drops off within a minute or so. Turning IPS off, the AP reconnects within a minute or so.
To try and diagnose the problem further, I disabled all the IPS signatures, group by group. I also disabled all the anti-DoS/Flooding options. Even with all signatures and anti-DoS measures disabled, the AP30 still drops off every time I enable IPS and comes back when I disable it.
In the dhcpd.log, while IPS is enabled, I can still see DHCP requests coming in from the AP:
2013:12:21-11:04:26 woodinhole dhcpd: DHCPDISCOVER from 00:1a:8c:08:99:58 (AP30-A400015FFF6AEBE) via br0
2013:12:21-11:04:27 woodinhole dhcpd: DHCPOFFER on 10.46.47.46 to 00:1a:8c:08:99:58 (AP30-A400015FFF6AEBE) via br0
2013:12:21-11:04:29 woodinhole dhcpd: if AP30-A400015FFF6AEBE.int.baldrys.ca IN A rrset doesn't exist add AP30-A400015FFF6AEBE.int.baldrys.ca 43200 IN A 10.46.47.46: timed out.
2013:12:21-11:04:29 woodinhole dhcpd: DHCPREQUEST for 10.46.47.46 (10.46.47.254) from 00:1a:8c:08:99:58 (AP30-A400015FFF6AEBE) via br0
2013:12:21-11:04:29 woodinhole dhcpd: DHCPACK on 10.46.47.46 to 00:1a:8c:08:99:58 (AP30-A400015FFF6AEBE) via br0
Looking in the wireless.log, I noticed that connection to awed seems to be particularly significant to the problem. I discovered, using telnet, that when IPS is enabled, it is not possible to connect to awed (port 2712) on the UTM from the internal wired network. When IPS is disabled, connection happens straight away.
I tried creating an IPS exception for traffic coming from my internal network to port 2712 on the UTM. This made no difference.
I tried creating a firewall rule to explicitly allow traffic coming from my internal network to port 2712 on the UTM. This made no difference.
I have now exhausted my technical capabilities. Any suggestions?
