AnsweredAssumed Answered

IPS exception for pre R80 gateways with R80 SMS

Question asked by Maik Dummer on Sep 5, 2018
Latest reply on Sep 7, 2018 by Dameon Welch-Abernathy

Hello guys,


I have a question regarding the IPS exception possibilites for threat prevention profiles within a R80 SMS that is applied to pre R80 gateways. To be precise; the gateways in this case are running R76.50 (scalable platform release). As far as I've seen it is only possible to configure exceptions in the threat prevention exceptions tab - and here I realized that the action for any exceptions that need to be applied to pre R80 gateways is "inactive". But with that in place I am not able to see anything in my logs as IPS checking is just not done on the specific traffic described in the threat prevention exception rule. Now my question is - am I missing something or is there really no chance to configure "detect", so that IPS logs are still being received for the exception? I personally do not want to just ignore it in the first place. My plan is to have the SIEM team check whether its a false positive (during this time I want the detect option) and after confirming the false positive its fine for me to just set the action to "inactive".

Thanks in advance for any advices!


Best regards,