Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 5276 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS logs growing growing growing... can't stop it.

SalishSwede
I'm  attempting to stop the following rule from filling my IPS logs.

"id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="reject" reason="PROTOCOL-ICMP Unusual PING detected" group="410" srcip="10.1.0.7" dstip="10.1.1.2" proto="1" srcport="0" dstport="0" sid="29456" class="Information Leak" priority="2" generator="1" msgid="0" "

I need this traffic stopped but I don't want to see 400,000 iterations of the alert every single day.

My process:
1. In Network Protection > Intrusion Prevention > Advanced > Modify Rules I have added a modification for 29456 to disable notification and to drop.

Can someone please show me the error of my ways?

Thanks,

~D


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Harbhajan Singh, and welcome to the User BB!

    That first line is an attempt by twitter.com to send something to a mail server behind your UTM.  The second appears to be from a domain with email hosted by Google.

    What version - 9.111-7?  Is this your home UTM?  Other than these lines in the log, what problem does this seem to be causing?  Is the SMTP Proxy enabled?

    Cheers - Bob
Reply
  • 0
    Hi, Harbhajan Singh, and welcome to the User BB!

    That first line is an attempt by twitter.com to send something to a mail server behind your UTM.  The second appears to be from a domain with email hosted by Google.

    What version - 9.111-7?  Is this your home UTM?  Other than these lines in the log, what problem does this seem to be causing?  Is the SMTP Proxy enabled?

    Cheers - Bob
Children
No Data