We have software that goes out to a distributors website and downloads updates. Part of these updates is a batch of Word documents in .docx format that have some ActiveX controls in them that are used for automation. They cannot be removed and are a normal part of their software. The problem is, for our standard "web access" rule we have enabled the default IPS rule "LAN to WAN" which is blocking this. In the firewall we have the following:
We have already added the domain that the downloads come from to the exceptions list under Protect -> Web -> Exceptions and also added the same domains to the "Local TLS exclusion list" but we still get the constant (100's per day) logs and emails and I'm assuming IPS ignores these exceptions.
Is there any way to either add a exception for this SignatureID or modify the default IPS rule or do I have to create a new IPS rule with all the same settings except for "file-office". I would like the "file-office" stuff to remain, I really only want this one signature ignored, but I don't see how to do that.
yes, you can. You need to add another rule using lan to wan as the policy, then select the SID and change it to disabled and then save your new version of 'My LAN to WAN'. Then use that in all your firewall rules,
XG115W - v19.5.1 mr-1 - Home
If a post solves your question please use the 'Verify Answer' button.
Thank-you. I was hoping to just modify the existing but being a default rule I guess that makes sense that I couldn't. Would be nice to have a couple extra characters in the policy name as I like being specific in what something is doing (like "LAN to WAN with Exceptions") but at least it's working.
or the simple way ... using a writable IPS-Policy ...
- open LogViewer / IPS- locate your problem- click to the signature-ID- select "Disable the signature for this IPS Policy"
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.
Already made the new policy but I'll keep this in mind for next time.
are you advising this allows the template policy to be altered?
my name for the policy was just an example, you can name it any way you like.