How to exclude a specific IPS Signature ID

05/31/2023 33 People found this article helpful 485,957 Views

Description

IPS policies are organized into Global, Category and individual Signature levels. Each higher level has precedence over lower levels. In certain circumstances it is necessary to exclude a particular Signature ID from blocking access to a website or a service like streaming, without changing the higher level settings like Global and/or Category where that signature ID belongs.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Follow these steps to disable a specific Intrusion Prevention Service (IPS) signature. In this example we are disabling Signature ID 293 - PING

Step 1 : Login to SonicWall Management Interface, go to Policy | Security Services | Intrusion Prevention and Signatures.

Step 2 : Search for signature ID 293 and click on configure button.

Step 3 : In the IPS signature settings window set Prevention to Disable.

Step 4 : Detection can be left unchanged to use the category settings or set to Enable if the usage of services needs to be logged. If set to Disable the usage of the service will not be logged.

Step 5 : Click on OK to save settings.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Follow these steps to disable a specific Intrusion prevention Service (IPS) signature. In this example we are disabling Signature ID 293: PING

Step 1 : Login to SonicWall Management Interface, go to Manage | Security Services |Intrusion Prevention.

Step 2 : Enter the Signature ID (SID) in the Lookup Signature ID field and click on the configure button.

Step 3 : In the IPS Signature Settings window set Prevention to Disable.

Step 4 : Detection can be left unchanged to use the category settings or set to "Enable" if the usage of the service needs to be logged. If set to "Disable" the usage of the service will not be logged.

Step 5 : Click on OK to save the settings.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Follow these steps to disable a specific Intrusion Prevention Service (IPS) signature. In this example we disable Signature ID 2821-Facebook - Browsing Activity 1:

1. Login to the SonicWall Management Interface; go to Security Services | Intrusion Prevention.
2. Enter the Signature ID (SID) in the Lookup Signature ID field and click on the Configure button.

4. In the IPS Signature Settings window set Prevention to "Disable".
5. Detection can be left unchanged to use the category settings or set to "Enable" if the usage of the service needs to be logged. If set to "Disable" the usage of the service will not be logged.
6. Click on OK to save the settings.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

How to exclude a specific IPS Signature ID

Description

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch