Hi Guys & Girls,
I have som internet traffic I know I need, but it is blocked by IPS !!
Does anyone know how to create an firewall rule based on IPS_SID or
how to find this IPS_SID and allow it ??:
Dest Geo FI
Dest Port 80
Dest Zone external
Event Signature IPS drop
Information Content matched an IPS signature.
Reason Traffic matched an IPS signature and the corresponding network session was dropped.
Rule Name Internet Services
Source Port 62765
Source Zone internal
Syslog Critical (2)
Time 12:42:48 +0000
It work off course when disabling IPS on the rule but I still want to use the IPS on rules !!
The product is McAfee Firewall Enterprise 8.3.0 Virtual
You should be able to look at the signature browser and disable that IPS signature. To do this:
Go to Policy>IPS>Signature Browser and search for 20056116. Then you can right click and disable it. At that point it should not be enforced.