Today we can not quarantine any IP from threat details via Actions / Add source IP to IPS Quarantine.
I got error "Quarantine Host failed due to Sensor Configuration"
Any idea what can be the cause ?
IPS sensor has quarantine enabled, policy and settings can be applied normally....
on 1/31/14 1:28:21 PM CET
I've seen that message when trying to quarantine on both sensors of a failover pair. The quarantine happens automatically for the secondary sensor, so you don't need to do it twice.
I'm not sure if that's what you are seeing or not. It may be worth trying to restart the sensor if not.
This is single IPS sensor M-1250 no cluster. IPS restart did not help :-(
All other sensor settings work. Signature updates, port config setup, port security profile change ... only add IP to quarantine manually does not work.
Sensor adds IP to quarantine itself if rule action is configured to quarantine during attack.
We have also been receiving the same error message when attempting to manually quarrantine. Runnin McAfee NSM M-4050, 220.127.116.11, signature 18.104.22.168 in our case.
Curious to see a response from McAfee on this.