Hi Guys & Girls,
I have som internet traffic I know I need, but it is blocked by IPS !!
Does anyone know how to create an firewall rule based on IPS_SID or
how to find this IPS_SID and allow it ??:
Dest Geo FI
Dest Port 80
Dest Zone external
Event Signature IPS drop
Information Content matched an IPS signature.
Reason Traffic matched an IPS signature and the corresponding network session was dropped.
Rule Name Internet Services
Source Port 62765
Source Zone internal
Syslog Critical (2)
Time 12:42:48 +0000
It work off course when disabling IPS on the rule but I still want to use the IPS on rules !!
The product is McAfee Firewall Enterprise 8.3.0 Virtual
Go to Solution.
You should be able to look at the signature browser and disable that IPS signature. To do this:
Go to Policy>IPS>Signature Browser and search for 20056116. Then you can right click and disable it. At that point it should not be enforced.
View solution in original post
Off course it is, thanks ! 🙂
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC