Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephan_Lache
Participant
Jump to solution

Access policy matching and IPS autonomous

Hey Checkmates,

 

i have a question regarding access policy matching in conjunction with IPS ( autonomous mode)

I have blocked traffic from an known malicious IP in an access policy.

I can see that the relevant traffic is dropped but nevertheless the traffic hits the IPS blade.

Is this a expected behavior?

I thought that no further inspection is going on, when the traffic is dropped by the access rule.

Thanks in advance

 

Stephan

 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

Yes most likely due to some implied rules.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee

Are you able to share a copy of the redacted log card for review, which protection is matched?

CCSM R77/R80/ELITE
0 Kudos
Stephan_Lache
Participant

I just found that transit traffic is dropped like expected and not hitting the IPS blade.

Traffic to the gateways seems to be handled different , as this is inspected by IPS.

Chris_Atkinson
Employee Employee
Employee

Yes most likely due to some implied rules.

CCSM R77/R80/ELITE
0 Kudos
Stephan_Lache
Participant

Thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events