2 Replies Latest reply: Nov 15, 2012 9:07 AM by Tom Malmstroem RSS

    How to create rules based on Ips_sid

    Tom Malmstroem

      Hi Guys & Girls,


      I have som internet traffic I know I need, but it is blocked by IPS !!

      Does anyone know how to create an firewall rule based on IPS_SID or

      how to find this IPS_SID and allow it ??:



      Attackzone       internal

      Category           signature_ips

      Cmd                   httpp

      Date                   2012-11-15

      Dest Geo           FI

      Dest Port          80

      Dest Zone         external


      Event                 Signature IPS drop

      Facility               http_proxy


      Information     Content matched an IPS signature.

      Ips_classtype   IPS:DOS

      Ips_sid               20056116

      Ips_sig_category                        HTTP-General

      Ips_signame     Host.Old-HTTP.Suspicious

      Netsessid          d328150a4e348

      Protocol            tcp

      Reason              Traffic matched an IPS signature and the corresponding network session was dropped.

      Rule Name       Internet Services

      Source Port      62765

      Source Zone     internal


      Syslog                Critical (2)

      Time                  12:42:48 +0000


      It work off course when disabling IPS on the rule but I still want to use the IPS on rules !!

      The product is McAfee Firewall Enterprise 8.3.0 Virtual


      KR /Tom