Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
728 Views 2 Replies Latest reply: Nov 15, 2012 9:07 AM by Tom Malmstroem RSS
Tom Malmstroem Newcomer 5 posts since
Feb 16, 2012
Currently Being Moderated

Nov 15, 2012 7:28 AM

How to create rules based on Ips_sid

Hi Guys & Girls,

 

I have som internet traffic I know I need, but it is blocked by IPS !!

Does anyone know how to create an firewall rule based on IPS_SID or

how to find this IPS_SID and allow it ??:

 

Attackip            192.168.100.15

Attackzone       internal

Category           signature_ips

Cmd                   httpp

Date                   2012-11-15

Dest Geo           FI

Dest Port          80

Dest Zone         external

Dstip                  193.66.251.201

Event                 Signature IPS drop

Facility               http_proxy

Hostname        

Information     Content matched an IPS signature.

Ips_classtype   IPS:DOS

Ips_sid               20056116

Ips_sig_category                        HTTP-General

Ips_signame     Host.Old-HTTP.Suspicious

Netsessid          d328150a4e348

Protocol            tcp

Reason              Traffic matched an IPS signature and the corresponding network session was dropped.

Rule Name       Internet Services

Source Port      62765

Source Zone     internal

Srcip                   192.168.100.15

Syslog                Critical (2)

Time                  12:42:48 +0000

 

It work off course when disabling IPS on the rule but I still want to use the IPS on rules !!

The product is McAfee Firewall Enterprise 8.3.0 Virtual

 

KR /Tom

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points