Hi everyone,
we are using Skype for Business for internal and external communication and migrated to the cloud recently.
We had performance problems with our systems on premise and hoped that they will go away ;)
But "showing the screen" is still having performance problems or even stops.
I now will block the traffic between VPN Users completely (a tip from a MVP) and already created some exclusions for the Microsoft IPs.
But in the intrusion prevention log are still entries that might block traffic. I don't know how to create an exclusion here. I would have to specify a "source address" because the destination is from 1024-65535. This seems to be impossible
2019:06:28-10:15:52 firewall ulogd[38311]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="b4:de:xx:yy:zz" dstmac="00:1a:8c:xx:yy:zz" srcip="customer IP" dstip="our internet ip" proto="17" length="1476" tos="0x00" prec="0x00" ttl="56" srcport="4500" dstport="58029"
How can i create an exclusion for a block like this? It is always the source address 4500
Best regards
Stephan
This thread was automatically locked due to age.