
IPS exception for pre R80 gateways with R80 SMS

Question asked by Maik Dummer on Sep 5, 2018
Latest reply on Sep 7, 2018 by Dameon Welch Abernathy

Hello guys,

 

I have a question regarding the IPS exception possibilities for threat prevention profiles within an R80 SMS that is applied to pre R80 gateways. To be precise, the gateways in this case are running R76.50 (scalable platform release). As far as I've seen, it is only possible to configure exceptions in the threat prevention exceptions tab - and here I realized that the action for any exceptions that need to be applied to pre R80 gateways is "inactive". But with that in place I am not able to see anything in my logs, as IPS checking is just not done on the specific traffic described in the threat prevention exception rule. Now my question is - am I missing something, or is there really no chance to configure "detect", so that IPS logs are still being received for the exception? I personally do not want to just ignore it in the first place. My plan is to have the SIEM team check whether it's a false positive (during this time I want the detect option), and after confirming the false positive it's fine for me to just set the action to "inactive".

Thanks in advance for any advice!

 

Best regards,

Maik
