IPS: Flash content is blocked when accessing any website on the Internet

03/26/2020 15 People found this article helpful 197,014 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

The SWF file format delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe Flash Player and Adobe AIR software.

Flash Video (with .FLV file extension) is the file format used to deliver video over the Internet using Adobe Flash Player. Notable users of the Flash Video format include YouTube, Google Video, Reuters.com and Yahoo! Video.

SonicWall IPS Signatures 148, 219 and 575 detects/prevents SWF file download.
SonicWall IPS Signatures 58, 59 and 78 detect/prevent the downloading of .FLV video hosted by different streaming servers.

SonicWall IPS also organizes signatures based on attack categories. The above signatures are categorized as Low Priority attacks and listed in the MULTIMEDIA category.

Resolution

Ensure that the SonicWall IPS is not preventing Low Priority attacks or edit the above mentioned IPS signature and disable them manually.

Step 1: Login to the SonicWall Management Interface.
Step 2: Go to Security Services | Intrusion Prevention.
Step 3: Under IPS Global Settings section uncheck the Low Priority attacks for Prevent All.
Step 4: Click on Accept button to apply the changes.

If Detect All is enabled for a signature group in the Signature Groups table, the SonicWall security appliance logs and alerts any traffic that matches any signature in the group, but does not take any action against the traffic. The connection proceeds to its intended destination. You view the SonicWall log on the Log > View page.

To edit an individual signature follow these steps:  

1. Login to the SonicWall Management Interface; go to Security Services > Intrusion Prevention.
2. Select an individual category from the Category menu or enter the Signature ID (SID) in the Lookup Signature ID field.
3. Select a signature category under IPS Policies., Click on the edit icon in the Configure column for the category you want to change.  
4. Set Prevention to "Disable".
5. Set Detection to "Disable".
6. Select from the include list the individual network address or range object you wish not to apply to this signature.
7. Press the OK button.

Related Articles

• Identical Access Rules for different users/user groups
• Advanced Network Security eLearning Training Course
• Network Security Essentials eLearning Training Course

Categories

• Firewalls > TZ Series
• Firewalls > SonicWall SuperMassive E10000 Series
• Firewalls > SonicWall SuperMassive 9000 Series
• Firewalls > SonicWall NSA Series