How to exclude a specific IPS Signature ID
03/26/2020 20 10921
IPS policies are organized into Global, Category and individual Signature levels. Each higher level has precedence over lower levels. In certain circumstances it is necessary to exclude a particular Signature ID from blocking access to a website or a service like streaming, without changing the higher level settings like Global and/or Category where that signature ID belongs.
Follow these steps to disable a specific Intrusion Prevention Service (IPS) signature. In this example we disable Signature ID 2821-Facebook - Browsing Activity 1:
1. Login to the SonicWall Management Interface; go to Security Services | Intrusion Prevention.
2. Enter the Signature ID (SID) in the Lookup Signature ID field and click on the Configure button.
4. In the IPS Signature Settings window set Prevention to "Disable".
5. Detection can be left unchanged to use the category settings or set to "Enable" if the usage of the service needs to be logged. If set to "Disable" the usage of the service will not be logged.
6. Click on OK to save the settings.