
[SOLVED] IPS blocks all network traffic

Apparently there was a problem with the Snort package update. Since yesterday around 18:00 I had connectivity problems from local networks behind 2 different UTMs. The logs show the following:

up2date.log

2021:11:23-18:05:13 FW01 auisys[21582]: Install u2d packages <ipsbundle2>
2021:11:23-18:05:13 FW01 auisys[21582]: Starting installing up2date packages for type 'ipsbundle2'
2021:11:23-18:05:13 FW01 auisys[21582]: Installing up2date package: /var/up2date/ipsbundle2/u2d-ipsbundle2-9.520.tgz.gpg

Shortly after that, all hosts in the local networks behind the two UTMs could not access the Internet anymore. In both cases this error was logged every 30 seconds or so, causing the IPS log to grow to sizes of 150 MB and more:

ips.log

2021:11:23-18:05:32 FW01 snort[21749]: FATAL ERROR: The dynamic detection library "/usr/lib/snort/so_rules//server-apache.so" version 1.0 compiled with dynamic engine library version 3.0 isn't compatible with the current dynamic engine library "/usr/lib/snort_dynamicengine/libsf_engine.so" version 3.1. 

Same log entries on a different firewall at 18:02.

As a workaround, I have currently disabled IPS on both affected systems. However, I do not know if the IPS package will be updated automatically to a working version when the feature is disabled.

Did anyone else encounter this problem?
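
Added example, not part of the original post and not vendor tooling: a Python check that finds the Snort engine-mismatch error in ips.log, counts its repeats, and ties it to the pattern package installed shortly before in up2date.log. The function names, result fields and the 10-minute correlation window are assumptions; the sample input is the log lines quoted above plus one constructed repeat.

```python
import re
from datetime import datetime, timedelta

TS = "%Y:%m:%d-%H:%M:%S"
LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\w+)\[\d+\]: (.*)$")
INSTALL = re.compile(r"Installing up2date package: (\S+)")
MISMATCH = re.compile(
    r'FATAL ERROR: The dynamic detection library "([^"]+)" version \S+ '
    r"compiled with dynamic engine library version (\d+\.\d+) isn't compatible "
    r'with the current dynamic engine library "[^"]+" version (\d+\.\d+)')

# Sample input: the lines quoted in the post, plus one constructed repeat
# of the snort error 30 seconds later (new PID) to model the restart loop.
UP2DATE_LOG = (
    "2021:11:23-18:05:13 FW01 auisys[21582]: Install u2d packages <ipsbundle2>\n"
    "2021:11:23-18:05:13 FW01 auisys[21582]: Installing up2date package: "
    "/var/up2date/ipsbundle2/u2d-ipsbundle2-9.520.tgz.gpg\n")
FIRST = (
    '2021:11:23-18:05:32 FW01 snort[21749]: FATAL ERROR: The dynamic detection '
    'library "/usr/lib/snort/so_rules//server-apache.so" version 1.0 compiled '
    "with dynamic engine library version 3.0 isn't compatible with the current "
    'dynamic engine library "/usr/lib/snort_dynamicengine/libsf_engine.so" '
    "version 3.1. \n")
IPS_LOG = FIRST + FIRST.replace("18:05:32", "18:06:02").replace("21749", "21803")

def parse(log):
    """Yield (timestamp, host, process, message) for each well-formed line."""
    for m in filter(None, map(LINE.match, log.splitlines())):
        yield datetime.strptime(m[1], TS), m[2], m[3], m[4]

def correlate(up2date_log, ips_log, window=timedelta(minutes=10)):
    """Group snort engine-mismatch errors; attach the install that preceded them."""
    installs = [(ts, host, INSTALL.search(msg)[1])
                for ts, host, proc, msg in parse(up2date_log)
                if proc == "auisys" and INSTALL.search(msg)]
    found = {}
    for ts, host, proc, msg in parse(ips_log):
        m = MISMATCH.search(msg)
        if proc == "snort" and m:
            f = found.setdefault((host, m[1]), {
                "host": host, "library": m[1], "built_for": m[2],
                "engine": m[3], "first": ts, "count": 0, "package": None})
            f["count"] += 1
    for f in found.values():  # latest install on the same host inside the window
        prior = [(ts, pkg) for ts, host, pkg in installs
                 if host == f["host"] and timedelta(0) <= f["first"] - ts <= window]
        f["package"] = max(prior)[1] if prior else None
    return list(found.values())

print(correlate(UP2DATE_LOG, IPS_LOG))
```

A finding with a count above 1 and a non-empty package field is the pattern described in the post: a rules bundle built for one engine version, installed just before Snort began failing at startup.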


