ATP 800 ADP white lists

alexey

We replace 2 usg1100 to 2 atp800.

Config were convert via converter.

After that each atp has many ADP alerts on any connections between sites (tcp/udp port scan), some aplications (as exchange DAG group, SIP, AD) stop work propely. Adding them to whitelist don't help.

How i can whitelist some addresses wo disable ADP between sites?

Other example:

src="client_ip:33462" dst="dns_ip:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"

ADP block DNS TLS request. How i can whitelist dns_tls to dns server?

FW V5.35(ABIQ.0)ITS-23WK12-0331-230301541 / 2023-03-31 09:04:28

Zyxel_Kevin

Hi @alexey ,

Greeting Forum, Please kindly set the Allow List for ADP service.

If the issue peresist, Please kindly share the related logs and config file by private message.

Thank you

alexey

Hello @Zyxel_Kevin

I wrote on 4th line of question that "Adding them to whitelist don't help"

Config:

service-object DNS_TLS tcp eq 853

idp anomaly white-list activate

idp anomaly white-list allow_dns_tls
source local_range_ip destination dns service DNS_TLS
activate

Traffick blocks with messages

src="ip_from_ local_range_ip:43108" dst=dns:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"

Send config and logs to PM.

Zyxel_Kevin

Hi @alexey ,

The Allow list only for "Flooding Detection".

We would recommend that applying other ADP Profiles for the rule.

For example: you will have profile "customize_profile" and set Action "none" for TCP Decoder.

Thank you