- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to exclude a user group from being blocked by Intrusion Prevention Service (IPS) signature
03/26/2020 
15 People found this article helpful
100,681 Views
Description
How to exclude a user group from being blocked by Intrusion Prevention Service (IPS) signatures
Resolution
Feature/Application:
The IPS Global Settings is mainly an easy way to deploy the IPS when a Network Administrator does not want to invest time and effort to fine-tune the IPS of the SonicWall UTM appliance. In many circumstances this will suffice, but it does have drawbacks, since a network administrator may block too much, breaking valid traffic in the network.
This scenario based article provides step-by-step instructions to exclude certain users from being blocked by certain IPS signatures.
Caution: This configuration requires internet access to be authenticated. For more information on User Level Authentication please refer KB ID 4977
- In this article the signature being used is ID 173 – Windows Live Messenger – Login Attempt.
- Under IPS Global Settings High and Medium Priority Attacks are enabled for Prevent All and Detect All.
- Low Priority Attacks are enabled only for Detect All.
- Signature ID 173 needs to be enabled for prevention so users, except some, will be unable to login to the MSN Messenger client.
- For this article user group has been imported from LDAP but even a local user group would do as well.
Procedure:
Tasklist:
Enable IPS on LAN Zone
Create access rules
Select the User Group for exclusion
Intrusion Prevention settings
Step 1. Login to the Sonicwall Management interface.
Step 2. Check Enable IPS on the LAN Zone under Network > Zones.
Step 3. Create a LAN to WAN access rules with Users as Trusted Users under Firewall > Access Rules.
Select the User Group for exclusion
Step 4. Import the user group to be allowed MSN Messenger access from MS Active Directory or create a local user group under the Users > Local Groups page.
Step 5. Enter Signature ID 173 under Security Services > Intrusion Prevention > Lookup Signature ID
Step 6. On the IPS Signature Settings window, set Prevention to Low
Step 7. Set Included Group to All
Step 8. Under Excluded Group select the user group to be excluded from prevention. In this example, the user group is called Allow.
Step 8. Click on Ok.
Step 9. Test the configuration. Users belonging to the Allow group will be able to use MSN Messenger but everyone else will be blocked.
Related Articles
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO