USG Flex 700 - how to discover IPS signature for allow list

USG_User
USG_User Posts: 374  Master Member
5 Answers First Comment Friend Collector Sixth Anniversary
edited June 2023 in Security

We've got a new IP surveillance camera installed in our premises. To access it from outside, different NAT rules and Security Policies have been created. Unfortunately the IPS service blocks the RTSP connection to that camera, while other RTSP streams to other cameras are working fine.

The USG log is showing: SSI:N [type:Sig(116783)] VLC Media Player RTSP Plugin Stack Buffer-Overflow Action:Reje

When disabling the IPS service we have access to that camera, too. But it's not a solution to switch-off the IPS service permanently.

How can we discover the affected signature of the RTSP stream in order to add it to the IPS Allow List? Should we simply use the signature number listed in the Zyxel Link (116783) of the log entry?

All Replies

  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    Just add the Signature ID into the IPS allow list.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @USG_User ,

    IPS allow list is at CONFIGURATION > Security Service > IPS > Allow list.

  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    I've done it and it works. Thanks

    But I'm a little bit concerned that we have to set this threat ID to the allow list since this ID is originally intended for "VLC Media Player RTSP Plugin Stack Buffer-Overflow" and not for ordinary RTSP camera streams.

Security Highlight