
Attack log

Hi,
We use an Astaro ASG525 and configured IPS for it according to the Sophos manual.
But we feel intrusion prevention does not drop packets.
Please pay attention to this log:
---------------------------------------------------------------------------------------------------------
id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion
protection alert" action="alert" reason="MISC SSL CBC encryption mode
weakness brute force attempt" group="500" srcip="x.x.x.x"
dstip="y.y.y.y" proto="6" srcport="---" dstport="--" sid="20212"
class="Attempted Information Leak" priority="2"  generator="1"
msgid="0"
------------------------------------------------------------------
The action is (alert) but we configured (drop).
Please help us.
Thanks.



  • Hi Ali,

    As per the DM conversation between us, your UTM resides on an older firmware built v8. The only possibility of the false action can be associated with the firmware. I request you to upgrade to the latest firmware and let us know if that resolves the issue.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
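
One way to check a whole IPS log for the mismatch described in this thread, as an added example that is not part of the original posts and is not Sophos code: it parses the key="value" record format quoted in the question and counts events whose logged action differs from the expected one. The sample log (addresses, ports and the second record) is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the IPS record quoted in the question.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_ips_records(text):
    """Parse IPS log text into dicts, tolerating records wrapped across lines.
    Assumption: each record starts at its id="..." field, as in the excerpt."""
    # Collapse line wraps so a value split over two lines is rejoined.
    flat = " ".join(text.split())
    records = []
    for key, value in FIELD_RE.findall(flat):
        if key == "id" or not records:
            records.append({})
        records[-1][key] = value
    return [r for r in records if r.get("sub") == "ips"]

def find_unenforced(records, expected_action="drop"):
    """Count events per (sid, reason) whose logged action is not the
    action the administrator expects to be enforced."""
    mismatches = Counter()
    for rec in records:
        if rec.get("action") != expected_action:
            mismatches[(rec.get("sid"), rec.get("reason"))] += 1
    return mismatches

# Constructed sample. Record 1 mirrors the wrapped record from the thread with
# placeholder addresses and ports; record 2 is a constructed enforced drop.
SAMPLE_LOG = '''id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion
protection alert" action="alert" reason="MISC SSL CBC encryption mode
weakness brute force attempt" group="500" srcip="192.0.2.10"
dstip="192.0.2.20" proto="6" srcport="40000" dstport="443" sid="20212"
class="Attempted Information Leak" priority="2"  generator="1"
msgid="0"
id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="constructed example rule" group="500" srcip="192.0.2.11" dstip="192.0.2.20" proto="6" srcport="40001" dstport="443" sid="99999" class="constructed" priority="2" generator="1" msgid="0"
'''

if __name__ == "__main__":
    hits = find_unenforced(parse_ips_records(SAMPLE_LOG))
    for (sid, reason), count in hits.items():
        print(f"sid={sid} logged {count}x with a non-drop action: {reason}")
```

Running the same check on logs from before and after a firmware upgrade shows whether the rule has moved from alert to drop.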