This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Exception not working

Hi,

I have problems with IPS in UTM, the UTM handles IPSEC traffic with VEEAM backup and Replication, and triggers this:

2019:09:10-02:55:51 mail-2 snort[13000]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="MALWARE-OTHER Ransomware SamSam variant detected" group="500" srcip="192.168.11.20" dstip="192.168.10.31" proto="6" srcport="902" dstport="53906" sid="48814" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0"
2019:09:10-02:58:23 mail-2 snort[13000]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="MALWARE-OTHER Ransomware SamSam variant detected" group="500" srcip="192.168.11.20" dstip="192.168.10.31" proto="6" srcport="902" dstport="53946" sid="48814" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0"
 
192.168.11.20 is a VMWARE ESXi server
192.168.10.31 is a Veeam Server (Windows)
 
I have added this exception in the affected UTM:
 
But nothing helps :-(
 


This thread was automatically locked due to age.
Parents Reply Children
No Data