Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 762 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v18 - Bug: Filter for IPS signature rules table does not work

DuS

Hi together,

 

I am pretty sure it is a bug, that you are unable to filter in the IPS signature rules table for anything. Regardless of my input (filtering for rule name, signature id or what ever) it always displays the same 150 results that have nothing in common with my filter query:

A filter just drops the whole list of 4921 rules down to 150 but the rule I would have liked to find is not within this list of 150 items.

 

 

 

Is this known? Anyone else affected? Will there be a fix?

This issue is present since the beginning of v18 and is still present in the newest release SFOS 18.0.1 MR-1-Build396.

It pretty much renders us unable to manage our IPS policies in detail.

 

Kind regards,

David



This thread was automatically locked due to age.
Parents
  • 0

    Hi David,

    I tried to find that signature without all of your presets and it does not exist. I also get a empty search return. I was using the WAN to LAN template. I also tried the LAN to WAN template with the same result.

    I have created my own IPS signature policy.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thank you, that you spent time trying this.

    The ID in the screenshot was copied from my IPS log where I was able to see a most likely false positive regarding SERVER-MAIL MailEnable SMTP Service SPF Lookup Buffer Overflow that was dropped and produced some issues with our mail traffic. I also tried a query with an ID from the list of 150 items just to make sure that it wasn't because of this specific ID I used for my filter.

    I would have expected to find exactly the single, specific item after I applied the filter but the list with 150 items didn't change.

    I have a workaround to disable single signatures directly from within the log but in case the exception was uneccessary, I am unable to revert this change without the need to recreate the whole ruleset from scratch, since I can not filter my IPS rule table to find a specific rule and enable it again.

Reply
  • 0 in reply to rfcat_vk

    Thank you, that you spent time trying this.

    The ID in the screenshot was copied from my IPS log where I was able to see a most likely false positive regarding SERVER-MAIL MailEnable SMTP Service SPF Lookup Buffer Overflow that was dropped and produced some issues with our mail traffic. I also tried a query with an ID from the list of 150 items just to make sure that it wasn't because of this specific ID I used for my filter.

    I would have expected to find exactly the single, specific item after I applied the filter but the list with 150 items didn't change.

    I have a workaround to disable single signatures directly from within the log but in case the exception was uneccessary, I am unable to revert this change without the need to recreate the whole ruleset from scratch, since I can not filter my IPS rule table to find a specific rule and enable it again.

Children
No Data
Unfiltered HTML