ANANTADSULE
Participant

IPS exception not working QS 1550 R81.10.07

Hello everyone.

I have created a Command Injection IPS exception for the anywheremail.qlc.co.in domain, but the firewall is preventing traffic. Added the above domain to the URL allowlist as well. I want to bypass IPS only, not HTTPS inspection, because it's a business email service.

Check Point's 1550 Appliance R81.10.07 - Build 430

All subscriptions & licenses are valid. No errors in configload_status.

 

0 Kudos
5 Replies
Timothy_Hall
Legend

Command Injection is a Core Activation (not IPS ThreatCloud Protection) and as such general Threat Prevention exceptions do not apply to it.  You need to add a Core Activation exception by editing the Command Injection protection itself and adding the exception there.  If that doesn't work: sk171624: False positive drop for "SQL Injection" and "Command Injection" IPS protections

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Daniel_Cimpeanu
Collaborator

Hi Timothy,

Would this be valid for QLS250? I'm seeing the same behaviour, with traffic being dropped despite having an IPS exception.

Thanks,

Daniel 

0 Kudos
G_W_Albrecht
Legend

Yes - this is IPS and not specific to Spark SMB.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
pedro_filipe
Explorer

Hey,

I am having the same problem with a 1570. Did you find a way to bypass this False Positive?

Regards

0 Kudos
ANANTADSULE
Participant

You need to create a Threat Prevention exception for Source - LAN, Destination - any, Protection - Command injection, Service - any, Action - Inactive.

As suggested by TAC.

The exception should apply to traffic from inside the organization to the outside. This protection is specifically for internal servers, so everything else should be excluded.

 

0 Kudos
