Syslog packets dropped by IPS
Hi mates,
I have a problem with the IPS. I have configured the SMS to send logs to a SIEM server, and the IPS started blocking the syslog packets. So I added an exception defining the source, destination and service, and I tried with "Apply on the matched rule" and "Add to global exception group (apply on all rules)", and neither of them works. I still see these logs:
[Expert@fw1:0]# fw ctl zdebug + drop | grep "192.168.1.8"
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
I have only seen this post with no solution.
Any ideas?
Regards,
Julián
What is the precise log card for this?
Please post with sensitive data redacted.
In any case, you can try and disable the "Cisco IOS IPv4 Denial of Service" protection as mentioned here: https://support.checkpoint.com/results/sk/sk61542
Otherwise, I recommend a TAC case.
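Added example, not part of the thread and not Check Point code: a small parser that collapses repeated `fw_log_drop_ex` lines from `fw ctl zdebug + drop` into one row per flow, dropping function and reason, which makes it easy to see whether an exception changed what is dropping the traffic. The regular expression is an assumption based only on the TCP/UDP line format shown in the post; the sample input is constructed from those lines.

```python
import re
import sys
from collections import Counter

# Constructed sample: the drop record quoted in the post, repeated, plus a
# line that is not a drop record.
SAMPLE = """\
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
@;1786452969;[vs_0];[tid_1];[fw4_1];fw_log_drop_ex: Packet proto=17 192.168.100.132:9271 -> 192.168.1.8:514 dropped by fw_spii_execute_inspections Reason: spii inspection matrix drop;
some other debug line that is not a drop record
"""

# Assumption: matches only the "proto=N src:port -> dst:port" form seen above.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>[^;]*);"
)


def parse_drop(line):
    """Return the fields of one drop record, or None if the line is not one."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["reason"] = rec["reason"].strip()
    return rec


def summarize(text):
    """Count drops per (proto, src, dst, dport, function, reason)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_drop(line)
        if rec is not None:
            # The source port is left out of the key because it is usually ephemeral.
            counts[(rec["proto"], rec["src"], rec["dst"], rec["dport"],
                    rec["func"], rec["reason"])] += 1
    return counts


if __name__ == "__main__":
    # Pipe captured debug output in, or run with no input to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for (proto, src, dst, dport, func, reason), n in summarize(text).most_common():
        print(f"{n:5d}  proto={proto} {src} -> {dst}:{dport}  {func}  [{reason}]")
```

Running it on output captured before and after a policy install shows whether the same function and reason are still responsible for the drops.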