Results 1 to 1 of 1
  1. #1
    Newbie
    Join Date
    Mar 2020
    Posts
    1

    Default Rules not evaluating properly after latest 3-19-20 release

    When I set threat prevention rules they seem to be applying as "OR" statements, instead of "AND". I created this rule:

    threat_prevention_rules033020.jpg

    This is my All Web Events report after enabling that rule:

    allowed_highrisk.jpg

    As you can see it allowed a High Risk IP through with port 80 being the only matching part.

    This is my Blocked Web Events while the rule is active:

    no_webevents_blocked.jpg.

    And this is what it looks like with the rule off:

    web_events_blocked_rule_off.jpg

    The only successful workaround I've been able to come up with is only adding the Source IP Address to a Pass rule in threat prevention. I would like these rules to apply as they should as I don't want to open every port for each IP Address "pass". Just the port I want them to access. Anything else you need from me please let me know.
    Last edited by awarren; 03-30-2020 at 10:39 AM. Reason: formatting

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2