ATP 800 ADP white lists

alexey · April 2023

We replace 2 usg1100 to 2 atp800.

Config were convert via converter.

After that each atp has many ADP alerts on any connections between sites (tcp/udp port scan), some aplications (as exchange DAG group, SIP, AD) stop work propely. Adding them to whitelist don't help.

How i can whitelist some addresses wo disable ADP between sites?

Other example:

src="client_ip:33462" dst="dns_ip:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"

ADP block DNS TLS request. How i can whitelist dns_tls to dns server?

FW V5.35(ABIQ.0)ITS-23WK12-0331-230301541 / 2023-03-31 09:04:28

Zyxel_Kevin · April 2023

Hi @alexey ,

Greeting Forum, Please kindly set the Allow List for ADP service.

If the issue peresist, Please kindly share the related logs and config file by private message.

Thank you

alexey · April 2023

Hello @Zyxel_Kevin

I wrote on 4th line of question that "Adding them to whitelist don't help"

Config:

service-object DNS_TLS tcp eq 853

idp anomaly white-list activate

idp anomaly white-list allow_dns_tls
source local_range_ip destination dns service DNS_TLS
activate

Traffick blocks with messages

src="ip_from_ local_range_ip:43108" dst=dns:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"

Send config and logs to PM.