This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[7.005] IPS Exceptions

In Version 6 I could create an IPS exception (Skip IPS from Internal Lan TO DMZ Lan) In V7 you can't do that, why? I have systems on my DMZ that require access to my Domain Controllers and IPS is going crazy. But I only want to disable IPS for traffic from DMZ to any other traffic must be scanned. Why did Astaro remove that option?

This thread was automatically locked due to age.

Parents

0 alda over 18 years ago

Hi,

but his function version V7 has ! You can make exceptïons in IPS, look there properly !

Alda
Cancel
Vote Up 0 Vote Down

Cancel
0 Hi-con over 18 years ago in reply to alda

If you read my post carefully you will see that it states, that you can make IPS exceptions but ONLY for source OR destination. In version 6 you could do IPS exceptions from source TO destination. In that exception traffic from source to destination is exempt from IPS scanning, however any other traffic would still be scanned. With version 7 if you include both source and destination in an exception rule, ALL traffic going to either would not be scanned by IPS.
Cancel
Vote Up 0 Vote Down

Cancel
0 alda over 18 years ago in reply to Hi-con

could you have a look to the enclosed picture, please ?

Alda
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 alda over 18 years ago in reply to Hi-con

could you have a look to the enclosed picture, please ?

Alda
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Hi-con over 18 years ago in reply to alda

If you take a look at your IPS log you will notice that there is no traffic listed for your Internal Network (Source or Destination) neither is their traffic being scanned for Annex Network (Source or Destination). So if there is an external attack on one of your server's hosted on your internal LAN it won't be identified or blocked by the IPS because of the exception rule you have setup. No traffic going to or comming from either network will be scanned by the IPS. So why enable the IPS on your system...it's not scanning anything.

I want to exclude scanning traffic comming from source network going to destination network. If you look at the definition of your exclusion rule it says Source OR Destination. It should state Source AND Destination must match for exclusion rule to apply.

Best regards,

Dayne
Cancel
Vote Up 0 Vote Down

Cancel