Results 1 to 2 of 2
  1. #1
    Newbie
    Join Date
    Nov 2018
    Posts
    3

    Default Assistance with IPS customization

    Hello,

    I recently ran into a problem where the new updated VOIP integrated into Playstation related services has been getting blocked by the IPS system. The new version of their voice client has some new nat traversal capabilities.

    This is the Classtype and Message that is false positive.
    attempted-user
    ET INFO Session Traversal Utilities for NAT (STUN Binding Request)

    I was wondering if there was a way to bypass that specific "rule" for specific destination and/or source addresses (the playstation ips), bypass IPS entirely for the on-prem playstations, or something similar. Even if I can just disable or switch that specific signature to log only would be an option I'd be happy with too although "whitelisting" the ps4's would be ideal.

    I would rather not have IPS only logging or turned off if possible.

    Thank you for your assistance!

  2. #2
    Master Untangler
    Join Date
    Mar 2017
    Posts
    184

    Default

    I'm wondering if you can simply add a new rule with the following conditions:

    • source address for your Playstation
    • Classtype and Message of the false positive rule
    • Action Whitelist



    This should do the trick. Of course put it before the other active rules.
    Happily untangling the average household: 20-25 active devices, 13 racks, each with 3 - 8 apps, OpenVPN 1 in, IPSec 1 road-warrior, TunnelVPN 3 out, IPS on. Spice it up with VLANs and mix with tons of rules.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2