USG Flex 700 - how to discover IPS signature for allow list
We've got a new IP surveillance camera installed in our premises. To access it from outside, different NAT rules and Security Policies have been created. Unfortunately the IPS service blocks the RTSP connection to that camera, while other RTSP streams to other cameras are working fine.
The USG log is showing: SSI:N [type:Sig(116783)] VLC Media Player RTSP Plugin Stack Buffer-Overflow Action:Reje
When disabling the IPS service we have access to that camera, too. But it's not a solution to switch-off the IPS service permanently.
How can we discover the affected signature of the RTSP stream in order to add it to the IPS Allow List? Should we simply use the signature number listed in the Zyxel Link (116783) of the log entry?
All Replies
-
Just add the Signature ID into the IPS allow list.
0 -
Hi @USG_User ,
IPS allow list is at CONFIGURATION > Security Service > IPS > Allow list.
0 -
I've done it and it works. Thanks
But I'm a little bit concerned that we have to set this threat ID to the allow list since this ID is originally intended for "VLC Media Player RTSP Plugin Stack Buffer-Overflow" and not for ordinary RTSP camera streams.
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 926 Nebula FAQ
- 422 Security FAQ
- 238 Switch FAQ
- 210 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight