How to exclude a specific IPS Signature ID

Description


IPS policies are organized into Global, Category and individual Signature levels. Each higher level has precedence over lower levels. In certain circumstances it is necessary to exclude a particular Signature ID from blocking access to a website or a service like streaming, without changing the higher level settings like Global and/or Category where that signature ID belongs.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


Follow these steps to disable a specific Intrusion Prevention Service (IPS) signature. In this example we are disabling Signature ID 293 - PING

Step 1 : Login to SonicWall Management Interface, go to Policy | Security Services | Intrusion Prevention and Signatures.

Step 2 : Search for signature ID 293 and click on configure button.


Image


Image


Step 3 : In the IPS signature settings window set Prevention to Disable.

Step 4 : Detection can be left unchanged to use the category settings or set to Enable if the usage of services needs to be logged. If set to Disable the usage of the service will not be logged.

Step 5 : Click on OK to save settings.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


Follow these steps to disable a specific Intrusion prevention Service (IPS) signature. In this example we are disabling Signature ID 293: PING

Step 1 : Login to SonicWall Management Interface, go to Manage | Security Services |Intrusion Prevention.

Step 2 : Enter the Signature ID (SID) in the Lookup Signature ID field and click on the configure button.

Image


Image


Step 3 :  In the IPS Signature Settings window set Prevention to Disable.

Step 4 : Detection can be left unchanged to use the category settings or set to "Enable" if the usage of the service needs to be logged. If set to "Disable" the usage of the service will not be logged.

Step 5 : Click on OK to save the settings.


Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


Follow these steps to disable a specific Intrusion Prevention Service (IPS) signature. In this example we disable Signature ID 2821-Facebook - Browsing Activity 1:

1. Login to the SonicWall Management Interface; go to Security Services | Intrusion Prevention.
2. Enter the Signature ID (SID) in the Lookup Signature ID field and click on the Configure button.

Image

Image

4. In the IPS Signature Settings window set Prevention to "Disable".
5. Detection can be left unchanged to use the category settings or set to "Enable" if the usage of the service needs to be logged.  If set to "Disable" the usage of the service will not be logged.
6. Click on OK to save the settings.

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community