this is what i am seeing in the IPS live log...
2011:09:22-10:14:19 smtp1-1 ulogd[5750]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="e0:5f:b9:53:a4:c0" dstmac="0:1a:8c:f0:ae:20" srcip="10.1.0.120" dstip="10.9.2.3" proto="1" length="48" tos="0x00" prec="0x00" ttl="63" type="8" code="0"
I have a statseeker server that is 10.1.0.120 and it is trying to get to 10.9.x.x. What rule do I need to apply to let this through?
I tried disabling the following rules... 60014, 5750, 2104 but no dice.
There are ASG's at both ends. I tried adding the opposite local LAN on both ASG's in IPS under allowed networks, but that didnt work either.
This thread was automatically locked due to age.
