
IPS Service - with no FW rules - Prevents Certain Sites from Loading

I'm running V19 in bridge mode.  Very basic setup, haven't really gotten far with it yet.

I've noticed that even though I have no firewall rules with IPS enabled, certain sites - like this one (!) - time out unless I stop the IPS system service under "system services -> services", and I'm not seeing any errors in /log/ips.log. When I disable that system service, the problem stops.

Here are my firewall rules:

(Note I disabled the default NAT rule because this is an internal bridged setup, no NAT needed).

  • The affected sites seem to be internal to my network - I have multiple subnets.  It seems to happen when the connection is TLS-encrypted - whether it's websites or other TLS-encrypted connections - but this happens without the proxy or decryption.

    What's interesting is that I can *open a connection* to the affected resources, e.g. using telnet.

  • Are you sure there's no decryption happening? (For example, monitor the TLS log in Log Viewer to see.) TLS decryption can be tricky in that you might think you set it in a Firewall rule, but the checkbox is not setting decryption, it's setting HTTP inspection (and HTTPS if you happen to have decryption happening due to TLS rules).

  • I'll double-check that. One thing I did just notice a few minutes ago is that if I turn off the SSL/TLS Engine in Rules and Policies > SSL/TLS Inspection Rules > SSL/TLS Inspection Settings > Advanced, everything begins to work again.

    I'll review the TLS log.

  • When I do a policy test, I get:

    Which appears correct, it's not trying to decrypt it...

  • Reviewing the ips.log, I am seeing this occur:

    ips.log:2022-05-31T05:44:14.086148Z [17341/0x0] [nsg_nse_policy.c:1572:__nsg_error] to Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
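Added example, not from the thread: a small Python parser for ips.log entries in the layout of the line quoted above (the leading `ips.log:` is grep's filename prefix), tallying NSE error codes so a burst of `Flow timeout` (code 134, sub 5) can be correlated with the SSL/TLS engine toggle mentioned earlier. The field layout is assumed from that single entry, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# One ips.log entry: optional grep prefix, timestamp, [pid/thread], [source], message.
# Layout assumed from the single line quoted in the thread.
LINE_RE = re.compile(
    r'^(?:[\w.]+:)?'                                  # "ips.log:" grep prefix
    r'(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z)\s+'
    r'\[(?P<pid>\d+)/(?P<thread>0x[0-9a-f]+)\]\s+'
    r'\[(?P<src>[^\]]+)\]\s+'
    r'(?P<msg>.*)$'
)
# The NSE error token inside the message: NSE:Class [0xhex;code:N;sub:M] text
NSE_RE = re.compile(
    r'NSE:(?P<cls>\w+)\s+\[(?P<hex>0x[0-9a-f]+);code:(?P<code>\d+);sub:(?P<sub>\d+)\]\s+(?P<text>.+)$'
)

# Constructed sample: line 1 is the entry from the thread, lines 2-3 are made up.
SAMPLE_LOG = """\
ips.log:2022-05-31T05:44:14.086148Z [17341/0x0] [nsg_nse_policy.c:1572:__nsg_error] to Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
ips.log:2022-05-31T05:44:15.201100Z [17341/0x0] [nsg_nse_policy.c:1572:__nsg_error] to Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
ips.log:2022-05-31T05:44:16.000000Z [17341/0x0] [nsg_main.c:10:info] engine heartbeat
""".splitlines()


def parse_line(line):
    """Return the fields of one ips.log line (with an 'nse' sub-dict or None), or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    nse = NSE_RE.search(rec["msg"])
    rec["nse"] = nse.groupdict() if nse else None
    return rec


def count_nse_errors(lines):
    """Tally NSE errors by (class, code, sub, text) so a repeating code stands out."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["nse"]:
            e = rec["nse"]
            counts[(e["cls"], e["code"], e["sub"], e["text"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in count_nse_errors(SAMPLE_LOG).most_common():
        print(n, key)
```

Run it against the real file with `count_nse_errors(open("/log/ips.log"))` and compare the Flow timeout count with the engine on and off.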
