This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where do I find rule 1233 to change it?

I keep finding lots of this message in the log, no one is complaining that they are being blocked.

1233 WEB-CLIENT Outlook EML access email clients

With the current reporting structure there is no way of telling which user is causing/affected by these dropped packets.

Looks like a save the appropriate logfile to XP, import to Access and search.

Ian M[:$][:$][:$]

This thread was automatically locked due to age.

Parents

0 medic over 18 years ago

Go to the Network Security / Intrtusion Protection / Advanced - Tap
On the top you can add a new "Modified rule"
Put in the Rule ID ie. 1233 and disable it or alert.....

Regards,

Medic
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to medic

medic's got it right... though I do hate this new manner of managing rules.. the old way was certainly better, at least for me.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 18 years ago in reply to medic

medic's got it right... though I do hate this new manner of managing rules.. the old way was certainly better, at least for me.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Simon Shaw over 18 years ago in reply to BrucekConvergent

Yeah, the old way was nicer, put in rule number in the filter, then edit...
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 18 years ago in reply to Simon Shaw

Folks,
thank you for the pointer. I will try and remember what to do next time I want to change IPS rules.
For the moment I took a different approach and blocked the 2 sites in web filtering. They are both hotmail sites and don't appear to have any affect when blocked on hotmail or page displays.

Anybody had a close look at the web filtering? Some strange updates happen to some profiles eg you update the generic filters and some of the http profiles are also updated, but not all.[:S]

Ian M[[[:)]]][[[:)]]][[[:)]]]
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 18 years ago in reply to RFCat_vk_01

Well, blocking the sites wasn't the answer, so I have disabled the rule and removed the web blocks.

Ian M[:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 Stephan_Scholz over 18 years ago in reply to RFCat_vk_01

Actually this rule is way too simplistic, that's why it's going to be removed in the next ruleset update.

Stephan
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 18 years ago in reply to Stephan_Scholz

Interestingly, since I disabled the rule I haven't had any attacks recorded.

Ian M
Cancel
Vote Up 0 Vote Down

Cancel