USG Flex 700 - how to discover IPS signature for allow list

Options
USG_User
USG_User Posts: 369  Master Member
First Anniversary 10 Comments Friend Collector First Answer
edited June 2023 in Security

We've got a new IP surveillance camera installed in our premises. To access it from outside, different NAT rules and Security Policies have been created. Unfortunately the IPS service blocks the RTSP connection to that camera, while other RTSP streams to other cameras are working fine.

The USG log is showing: SSI:N [type:Sig(116783)] VLC Media Player RTSP Plugin Stack Buffer-Overflow Action:Reje

When disabling the IPS service we have access to that camera, too. But it's not a solution to switch-off the IPS service permanently.

How can we discover the affected signature of the RTSP stream in order to add it to the IPS Allow List? Should we simply use the signature number listed in the Zyxel Link (116783) of the log entry?

All Replies

  • zyman2008
    zyman2008 Posts: 199  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Just add the Signature ID into the IPS allow list.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @USG_User ,

    IPS allow list is at CONFIGURATION > Security Service > IPS > Allow list.

  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    I've done it and it works. Thanks

    But I'm a little bit concerned that we have to set this threat ID to the allow list since this ID is originally intended for "VLC Media Player RTSP Plugin Stack Buffer-Overflow" and not for ordinary RTSP camera streams.

Security Highlight