IPS Version outdated (Snort version)

Hi everyone,

 

I've got a firewall (SG 135 - FW: 9.506-2, Pattern: 136330) at a customer's place that is having trouble with IPS rules.

After looking around I found something interesting. The Snort version is really different from the one on my home box (virtual machine, same FW and Pattern).

 

Snort version on SG135: Version 2.9.7.6 GRE (Build 285)

Snort version on VM: Version 2.9.9.0 GRE (Build 56)

 

Therefore rules with the "bitmask" statement will not work and cause Snort to just exit and start over again and again.

Because of the default option to drop all packets when Snort is not running, no connection through the firewall is possible in this state.

 

So how do I manually update Snort to the current version, or what would be the right way?

I currently have no physical access to the firewall, as it is some hundred kilometers away.

 

Thanks

Bastian



  • Alright, I got the solution.

     

    Fixed the symlink in "/var/sec" that was pointing to "/var/sec/chroot-snort-2976.." so that it points to "/var/sec/chroot-snort-2990-03", rebooted the system, and deactivated and activated the IPS through WebAdmin. After this I've got the current Snort version with an updated configuration to support the current ruleset.

  • Brilliant, Bastian!  Thanks for sharing that with us!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
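
A read-only check for the condition described in the solution above, added here as an example that is not part of the original thread and not Sophos tooling: it lists symlinks in a directory that point at an older `chroot-snort-*` tree than the newest one present. The function names are hypothetical, and it assumes the directory names sort by version in plain byte order, as the two names quoted in the thread do.

```shell
#!/bin/sh
# Added example (not from the thread): find symlinks that still point at an
# older chroot-snort-* directory than the newest one present in DIR.
# Assumption: chroot-snort-* names sort by version in plain byte order.

# newest_snort_chroot DIR
# Prints the basename of the highest-sorting real chroot-snort-* directory.
newest_snort_chroot() {
    for d in "$1"/chroot-snort-*; do
        # Only real directories count; symlinks are what we are auditing.
        [ -d "$d" ] && [ ! -L "$d" ] && basename "$d"
    done | LC_ALL=C sort | tail -n 1
}

# stale_snort_links DIR
# Prints one line per stale symlink; returns 1 if any were found, else 0.
stale_snort_links() {
    dir=$1
    newest=$(newest_snort_chroot "$dir")
    [ -n "$newest" ] || return 0      # no chroot trees here, nothing to compare
    rc=0
    for l in "$dir"/*; do
        [ -L "$l" ] || continue
        target=$(basename "$(readlink "$l")")
        case $target in
            chroot-snort-*) ;;        # a link into a Snort chroot tree
            *) continue ;;            # unrelated symlink, ignore
        esac
        if [ "$target" != "$newest" ]; then
            echo "STALE: $l -> $target (newest present: $newest)"
            rc=1
        fi
    done
    return $rc
}

# Run only when a directory is passed, e.g.: sh check.sh /var/sec
[ $# -eq 0 ] || stale_snort_links "$1"
```

The script changes nothing on disk; a non-zero exit status means at least one link should be reviewed before the IPS is re-enabled.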