IDP block VPN access

kyssling
kyssling Posts: 107  Ally Member
First Comment First Answer Friend Collector Sixth Anniversary
Hello, can anybody help me and explain best fix solution ?

After upgrade USG110 to FW4.65/or update IDP to 3.2.4.268, computer from our LAN
cannot join to external VPN, using VPN from Windows 10 (before two weeks is connected OK).

On router :
warn,idp,ACCESS BLOCK,lan1,wan1,tcp,Rule_id=20 SSI=N [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) Action: Reject Both Severity: high
https://threatintelligence.zyxel.com/idp

Ii this false detection ? Or is safe Disable this item from IDP ?
What i can do (create exception) ?

Thanks for help !

Accepted Solution

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,247  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @kyssling

    Could you provide the reproduced procedures to us?

    Which VPN connection method you used on your Windows 10 PC?  L2TP or SSL VPN?

    BTW, if that would impact your VPN service, you could inactivate the IDP signature 1139379 temporarily.



    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    Hello, very thanks for fast answer, i try it on monday or wednesday (when user is on our Lan, from home he is connect to VPN without problem)  and write feedback.
  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    edited August 2021
    Hello, sorry for delay, but external worker have holiday ...
    Today i try VPN connection and connect to external VPN is running without any problem.
    (She use PPTP protocol)

    So I search on IDP : [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) and NONE found...

    Can you confirm that this signature is deleted on IDP update 3.2.4.269/3.2.4.270 ?
    (on IDP to 3.2.4.268 this signature exist)

    Thanks Vaclav
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,247  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @kyssling

    Currently, our latest IDP service doesn’t include this signature.

    Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Security Highlight