D_W
Advisor

IPS - Block HTTP Non Compliant

Hi Mates,

How can I check why this Debian APT download is blocked via IPS?

I only have this with two clients. Others have no issue.

 

image.png

 

Cheers,
David

0 Kudos
4 Replies
_Val_
Admin

Probably it's best to investigate with TAC

0 Kudos
the_rock
Legend

Hey David,

Couple of questions:

1) What IPS profile is used in TP policy?

2) Considering this is critical, I assume that's why it's blocked... have you tried adding an IPS exception if you know it's 100% legit?

Andy

0 Kudos
D_W
Advisor

1) Custom Policy

2) When I let them proxy the traffic via our squid proxy, the IPS allows this traffic. Also, other Linux servers downloading these packages have no issue. Only two specific Linux systems that run this apt-get command via Docker container have this issue.

I will go ahead with the TAC 🙂

0 Kudos
Lesley
Leader

Indeed, this will be a TAC case. The reason I think it works via the proxy is that the proxy then sets up the connection and downloads the packages.

It is best to make a packet capture on the gateway and, if possible, on the client. The packet capture in the logs is sometimes not enough for TAC.

You can try without, but I think it makes life easier for the TAC engineer.

You are lucky it is HTTP; if it were HTTPS, we would need to share a decrypted packet capture for TAC.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
