I suggest you ...

IPS: Per-Rule IPS Exceptions

Extended the exceptions functionality to allow for specific rules as part of an exception.

This will allow for much more granular IPS exceptions by being able to specify that a rule be disabled/excepted only for a certain traffic flow, like for rule 2122 from Internet to Webserver, without disabling the rule globally or exempting the resource from IPS fully.

77 votes
Gert Hansen shared this idea
Ullrich shared a merged idea: Intrusion Detection System

14 comments

      • GetParanoid commented

        I'm amazed that people have been asking for this one for FIVE years and it is still NOT done!

      • Hagi commented

        We need it too. Please review this request. It's an important feature!

      • Andrew commented

        If this is not implemented, we at least need to be able to see more information about modified rules and the ability to add comments so we know why they're modified.

      • Jason Mougeot commented

        This should be default for any IPS system! I work with Cisco IPS, Dragon, IBM ISS, SourceFire and Trendmicro systems and this is a must for proper IPS filtering.

      • MichaelR commented

        Yeah, great idea! This is a huuuuuge problem because of different network services published on the same IP. There's no way to handle this securely right now...

      • Thomas commented

        It would be great if that was implemented. At the moment you have to disable a complete rule instead of just eliminating false positives appearing inside your own network. Also, as Elmar stated, the exceptions are a bit useless without the possibility to combine source and destination via AND.

      • bjack985 commented

        I agree, a v6 type configuration would be better than what's there now, but it needs to be flexible for new rules and edits to existing rules with the ability to revert an edited rule back to its factory syntax.
        There should also be a way to fetch rules files from a central location. I'm not going to pretend to know the details of that methodology, but it seems doable.

      • BrucekConvergent commented

        I'm outta votes, but we do need a way to add our own rules, as we could in Version 6. I think the current method for managing the automatic ruleset is OK, but we need the ability to add custom rules again.

      • Elmar Haag commented

        I think it would be sufficient to change, in the "exceptions" dialogue, the conjunction of "source" and "destination network" from an "OR" to an "AND".