IPS Exception not working

Question

Hi, 
 I have problems with IPS in UTM, the UTM handles IPSEC traffic with VEEAM backup and Replication, and triggers this: 
 2019:09:10-02:55:51 mail-2 snort[13000]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="MALWARE-OTHER Ransomware SamSam variant detected" group="500" srcip="192.168.11.20" dstip="192.168.10.31" proto="6" srcport="902" dstport="53906" sid="48814" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0" 
 2019:09:10-02:58:23 mail-2 snort[13000]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="MALWARE-OTHER Ransomware SamSam variant detected" group="500" srcip="192.168.11.20" dstip="192.168.10.31" proto="6" srcport="902" dstport="53946" sid="48814" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0" 
 
 192.168.11.20 is a VMWARE ESXi server 
 192.168.10.31 is a Veeam Server (Windows) 
 
 I have added this exception in the affected UTM:

But nothing helps :-(

twister5800 · Accepted Answer

Hi Hermann0, 
 Yes, support tried a lot, but finally found out, that when making IPS exceptions, I could not choose the service,but only the device, and to be sure with my traffic, we had to add them as here:

It did not look that it was something they would fix, as this works as designed, I was told :-) 
 I just needed to know it first:-)

BAlfson · Answer

Hallo Flo, 
 It look like you need a single, new Service definition like msexch-routing response = UDP 691->1:65535 . 
 Did that work for you? 
 Cheers - Bob