I am in the process to finally get the SfB mobile clients to properly work with WebServer Protection.
Using SfB Server 2015 with the Android and iPhone mobile client. In my UTM logs when I try to do IMs from the client I can see that rules 981173, 981257, 981245, 981246, 981243, 981176, and 981204 are all being activated.
When I try to add 981176 and 981204, I get the following message when I select these to skip. Going by the message this looks like something I don't want to do.
"The list of skipped filter rules contains the following required infrastructure rules: 981176, 981204. Disabling a required infrastructure rule can lead to attacks not being blocked by the Web Application Firewall."
These two rules come after all others and have the following descriptions
[id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 23, SQLi=5, XSS=)
[id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 23, SQLi=5, XSS=):
I am thinking these are caused by the other rules being violated.
Also noticed the new Lync(SfB)Firewall Profile in 9.5 does not have any filter skips at all. Does anyone have a Profile they are using with SfB mobile clients? Should I be worried with skipping all these rules for the mobile client to work?
Jim
SG230 HA V9.500-9
This thread was automatically locked due to age.