I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
Hi Guys,
Yesterday I installed XG310 (SFOS 17.5.3 MR-3) at client site.
It is in bridge mode after MKtik router doing NAT+Routing+VPN+basic FW.
Still there are a TON of false IPS positives. TCP related, IMAP related, Print spooler related (just some broadcasts), DNS related (replies from 8.8.8.8).
So this is ridiculous.
Is disabling just a temp solution? Even in upgrade does it stop/lower efficiency of IPS?
Have a nice day! Greetings!
This issue is resolved in SFOS v17.5.8 MR-8. By default the setting will be enabled, as it was causing too many false positive detections.
Hi FloSupport
Thanks for the reply. BUT could you please answer the questions above.
Does disabling IPS anomalies LOWER the protection and effectiveness?
Thanks!
Have a nice day!
Yes, disabling any IPS setting/signature affects protection somewhat.
This particular IPS setting detects and drops "anomalous" TCP traffic (missing TCP timestamps, etc.). This setting was causing excessive false-positives & issues for some customers, therefore the option to disable it was provided.
Copy and paste of the information I provided previously:
Regards,
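
An added example, not part of the thread and not Sophos code: assuming "missing TCP timestamps" refers to the RFC 7323 Timestamps option (kind 8), this checks the TCP headers of one captured connection for non-RST segments that omit the option after both the SYN and the SYN-ACK carried it, which is a way to confirm from a capture whether a flagged flow really shows that condition. The headers are constructed samples; `build` and the other function names are hypothetical.

```python
import struct

TS_KIND = 8                       # TCP Timestamps option kind (RFC 7323)
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def tcp_option_kinds(header):
    """Return the set of option kinds in a raw TCP header; ValueError if malformed."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(header):
        raise ValueError("bad data offset")
    opts, kinds, i = header[20:data_offset], set(), 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:             # End of Option List
            break
        if kind == 1:             # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        kinds.add(kind)
        i += opts[i + 1]
    return kinds

def missing_timestamp_segments(headers):
    """Indexes of non-RST segments lacking the option after both SYNs carried it."""
    syn_ts = synack_ts = False
    flagged = []
    for n, h in enumerate(headers):
        has_ts = TS_KIND in tcp_option_kinds(h)
        flags = h[13]
        if flags & SYN:
            if flags & ACK:
                synack_ts = has_ts
            else:
                syn_ts = has_ts
        elif syn_ts and synack_ts and not (flags & RST) and not has_ts:
            flagged.append(n)
    return flagged

def build(flags, with_ts):
    """Constructed sample header; ports and sequence numbers are arbitrary."""
    opts = b"\x01\x01" + struct.pack("!BBII", TS_KIND, 10, 1000, 0) if with_ts else b""
    offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 993, 1, 0, offset << 4, flags, 65535, 0, 0) + opts
```

Feed it the TCP headers of a single flow in capture order; flows where the handshake never negotiated timestamps return an empty list.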