Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 527 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AWG failed after Pattern Update 12408

hegl
Just after install pattern update 12408 the AWG doesn´t work. And here isn´t the solution to deactivated IPS. What´s going wrong. What ist the workaround?


This thread was automatically locked due to age.
Parents
  • 0
    Just after install pattern update 12408 the AWG doesn´t work. And here isn´t the solution to deactivated IPS. What´s going wrong. What ist the workaround?


    Deactivating IPS works for me currently. I've tried adding exclusions that doesn't work.

    [UPDATE]Also there is a fix here if you disable some specific IPS rules: https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/39670[/UPDATE]

    Symptoms are no DNS resolution or traffic traversal of the interfaces.

    Also internal connections cannot traverse to servers on inside interfaces. 

    Example of errors in IPS log:

    2010:05:07-12:21:54 mail snort[3119]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
    2010:05:07-12:21:54 mail snort[3119]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
    2010:05:07-12:21:54 mail snort[3119]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
    2010:05:07-12:21:54 mail snort[3119]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
    2010:05:07-12:21:54 mail snort[3119]: Max Header Line Length: 1000
    2010:05:07-12:21:54 mail snort[3119]: Max Response Line Length: 512
    2010:05:07-12:21:54 mail snort[3119]: X-Link2State Alert: Yes
    2010:05:07-12:21:54 mail snort[3119]: Drop on X-Link2State Alert: No
    2010:05:07-12:21:54 mail snort[3119]: Alert on commands: None
    2010:05:07-12:21:58 mail snort[3119]: FATAL ERROR: Warning: /etc/snort/rules/astaro.rules(3626) => Unknown keyword ' detection_filter' in rule!
Reply
  • 0
    Just after install pattern update 12408 the AWG doesn´t work. And here isn´t the solution to deactivated IPS. What´s going wrong. What ist the workaround?


    Deactivating IPS works for me currently. I've tried adding exclusions that doesn't work.

    [UPDATE]Also there is a fix here if you disable some specific IPS rules: https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/39670[/UPDATE]

    Symptoms are no DNS resolution or traffic traversal of the interfaces.

    Also internal connections cannot traverse to servers on inside interfaces. 

    Example of errors in IPS log:

    2010:05:07-12:21:54 mail snort[3119]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
    2010:05:07-12:21:54 mail snort[3119]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
    2010:05:07-12:21:54 mail snort[3119]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
    2010:05:07-12:21:54 mail snort[3119]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
    2010:05:07-12:21:54 mail snort[3119]: Max Header Line Length: 1000
    2010:05:07-12:21:54 mail snort[3119]: Max Response Line Length: 512
    2010:05:07-12:21:54 mail snort[3119]: X-Link2State Alert: Yes
    2010:05:07-12:21:54 mail snort[3119]: Drop on X-Link2State Alert: No
    2010:05:07-12:21:54 mail snort[3119]: Alert on commands: None
    2010:05:07-12:21:58 mail snort[3119]: FATAL ERROR: Warning: /etc/snort/rules/astaro.rules(3626) => Unknown keyword ' detection_filter' in rule!
Children
Cookie Information Banner