Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 1373 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy setting exclusions not working

skydiver
Here is my setup:
ASG 120
3 vlans on eth0 grouped in a network definition call internal networks
1 lan segment on eth2 call WiFi hotspot (172.16.16.0/24)

IM/P2P Settings
Settings Options:
Controlled networks ANY
Nothing in Controlled skip list

Instant messaging settings:
Protocol all set to block completely
Exceptions entry
      Skip these protocols all checked and source network set to eth2 network definition (172.16.16.0/24

Peer to Peer settings:
   All set to Block All with no exceptions


I am getting Snort notifications like this:
Message........: POLICY AOL Instant Messenger Message Send
Details........: www.snort.org/.../sigs.cgi
Time...........: 2009:11:12-14:34:50
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Potential Corporate Privacy Violation IP protocol....: 6 (TCP)

Source IP address: 172.16.16.2



Where am I missing the settings to allow IM on the wifi hotspot nic but not anywhere else?  I still want to block peer-to-peer traffic globally.


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Gert Hansen
    Then why is this a snort message?  Doesn't the P2P Section pipe traffic through snort and isn't the leading note of "POLICY" signify that in the notification snippet that I copied?

    In my IPS settings, I have the protected networks set to the "Internal Networks" network group which doesn't contain the "WiFi Hotspot" network segment.  So this notification must be coming from the IM/P2P settings, not the IPS settings.  Besides, I don't want to disable this rule accross the board, only for our WiFi hotspot network segment.  I still want IM traffic it dropped for our "Internal Networks" group of vlan segments which doesn't contain the "WiFi Hotspot" network segment and also still want P2P traffic dropped globally.