Global IPS Exception for "Any" protection does not work
- The below article provides solution for different scenarios when Global IPS Exception for "Any" protection does not work.
Please see the below symptoms and follow the solution.
Unauthenticated MS-RPC traffic" error for dropped DCE-RPC traffic on port 135.
When using Network Exception in IPS and using ANY in Protections, the exception does not work and we can see IPS logs for this traffic in SmartView Tracker.
Changing the ANY to a specific protection makes it work as it should and no more logs are seen in SmartView Tracker. IPS exception does not work when the DCE-RPC connection is resumed and might not work for SMTP traffic.
- Global IPS Exception for protection "Any" does not work for SMTP, IMAP and POP3 traffic when using IPS with Anti-Virus or another blade.
The IPS log shows that traffic from the globally excluded servers still hits these protections.
- Traffic is dropped as "
Invalid Bind ACK message" when IPS exception for protection "ANY" is configured.
Note: To view this solution you need to