ATP 800 ADP white lists
We replace 2 usg1100 to 2 atp800.
Config were convert via converter.
After that each atp has many ADP alerts on any connections between sites (tcp/udp port scan), some aplications (as exchange DAG group, SIP, AD) stop work propely. Adding them to whitelist don't help.
How i can whitelist some addresses wo disable ADP between sites?
Other example:
src="client_ip:33462" dst="dns_ip:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"
ADP block DNS TLS request. How i can whitelist dns_tls to dns server?
FW V5.35(ABIQ.0)ITS-23WK12-0331-230301541 / 2023-03-31 09:04:28
All Replies
-
Hi @alexey ,
Greeting Forum, Please kindly set the Allow List for ADP service.
If the issue peresist, Please kindly share the related logs and config file by private message.
Thank you
0 -
Hello @Zyxel_Kevin
I wrote on 4th line of question that "Adding them to whitelist don't help"
Config:
service-object DNS_TLS tcp eq 853
idp anomaly white-list activate
idp anomaly white-list allow_dns_tls
source local_range_ip destination dns service DNS_TLS
activateTraffick blocks with messages
src="ip_from_ local_range_ip:43108" dst=dns:853" msg="Rule_id:2 from IPSec_VPN to Any, [type:TCP-Decoder(70)] obsolete-options Action:Drop Packet" note="ACCESS BLOCK" user="unknown" devID="aabbccddeeff" cat="ADP" class="" act="Drop Packet" sid=70 ob="0" ob_mac="000000000000"
Send config and logs to PM.
0 -
Hi @alexey ,
The Allow list only for "Flooding Detection".
We would recommend that applying other ADP Profiles for the rule.
For example: you will have profile "customize_profile" and set Action "none" for TCP Decoder.
Thank you
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight