Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 613 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with roadwarriors

Sarfein
Hi

I have a Problem with my Roadwarris and Intrusion Protection.
When a Roadwarrior with vpn-ssl is log in and tries to sync his
exchange account i get sometimes an intrusion Prot. warning like
reason="IMAP fetch overflow attempt" group="224" srcip="10.242.2.58" dstip="******"
where ****** is the adress of my internal exchange server.

I have rules which allow all services from my vpn-ssl net to my internal net and otherwise
I also have the vpn-ssl Net in the local networks in Global IPS Settings

I am running the latest Version V7.101 on an HP Server Blade

It seems that the Sync is not completly droped some directories are synced but
not all.

Do I miss anything ?

Greets Sarfein


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    take a look at your IPS-settings and exceptions. Eventually you have to build an IPS-exception for your roadwarriors and/or exchange-server.

    Local networks in Global IPS Settings are the secured networks, not the exceptions.

    Regards,
    Thomas
  • 0 in reply to tbrandl
    I would probably just disable the IMAP IPS rule in question; it's obvious that it's a false positive.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply Children
No Data
Cookie Information Banner