IPS logs growing growing growing... can't stop it.

I'm attempting to stop the following rule from filling my IPS logs.

"id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="reject" reason="PROTOCOL-ICMP Unusual PING detected" group="410" srcip="10.1.0.7" dstip="10.1.1.2" proto="1" srcport="0" dstport="0" sid="29456" class="Information Leak" priority="2" generator="1" msgid="0" "

I need this traffic stopped but I don't want to see 400,000 iterations of the alert every single day.

My process:
1. In Network Protection > Intrusion Prevention > Advanced > Modify Rules I have added a modification for 29456 to disable notification and to drop.

Can someone please show me the error of my ways?

Thanks,

~D


This thread was automatically locked due to age.
  • Hi, Harbhajan Singh, and welcome to the User BB!

    That first line is an attempt by twitter.com to send something to a mail server behind your UTM.  The second appears to be from a domain with email hosted by Google.

    What version - 9.111-7?  Is this your home UTM?  Other than these lines in the log, what problem does this seem to be causing?  Is the SMTP Proxy enabled?

    Cheers - Bob