ATP 800 ADP white lists
We replace 2 usg1100 to 2 atp800.
Config were convert via converter.
After that each atp has many ADP alerts on any connections between sites (tcp/udp port scan), some aplications (as exchange DAG group, SIP, AD) stop work propely. Adding them to whitelist don't help.
How i can whitelist some addresses wo disable ADP between sites?
Other example:
src="client_ip:33462" dst="dns_ip:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"
ADP block DNS TLS request. How i can whitelist dns_tls to dns server?
FW V5.35(ABIQ.0)ITS-23WK12-0331-230301541 / 2023-03-31 09:04:28
All Replies
-
Hi @alexey ,
Greeting Forum, Please kindly set the Allow List for ADP service.
If the issue peresist, Please kindly share the related logs and config file by private message.
Thank you
0 -
Hello @Zyxel_Kevin
I wrote on 4th line of question that "Adding them to whitelist don't help"
Config:
service-object DNS_TLS tcp eq 853
idp anomaly white-list activate
idp anomaly white-list allow_dns_tls
source local_range_ip destination dns service DNS_TLS
activateTraffick blocks with messages
src="ip_from_ local_range_ip:43108" dst=dns:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"
Send config and logs to PM.
0 -
Hi @alexey ,
The Allow list only for "Flooding Detection".
We would recommend that applying other ADP Profiles for the rule.
For example: you will have profile "customize_profile" and set Action "none" for TCP Decoder.
Thank you
0
Categories
- All Categories
- 392 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 81 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 907 Nebula FAQ
- 415 Security FAQ
- 236 Switch FAQ
- 206 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 138 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight