-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to exclude a user group from being blocked by Intrusion Prevention Service (IPS) signature
03/26/2020 
20 People found this article helpful
475,304 Views
Description
How to exclude a user group from being blocked by Intrusion Prevention Service (IPS) signatures
Resolution
Feature/Application:
The IPS Global Settings is mainly an easy way to deploy the IPS when a Network Administrator does not want to invest time and effort to fine-tune the IPS of the SonicWall UTM appliance. In many circumstances this will suffice, but it does have drawbacks, since a network administrator may block too much, breaking valid traffic in the network.
This scenario based article provides step-by-step instructions to exclude certain users from being blocked by certain IPS signatures.
Caution: This configuration requires internet access to be authenticated. For more information on User Level Authentication please refer KB ID 4977
- In this article the signature being used is ID 173 – Windows Live Messenger – Login Attempt.
- Under IPS Global Settings High and Medium Priority Attacks are enabled for Prevent All and Detect All.
- Low Priority Attacks are enabled only for Detect All.
- Signature ID 173 needs to be enabled for prevention so users, except some, will be unable to login to the MSN Messenger client.
- For this article user group has been imported from LDAP but even a local user group would do as well.
Procedure:
Tasklist:
Enable IPS on LAN Zone
Create access rules
Select the User Group for exclusion
Intrusion Prevention settings
Step 1. Login to the Sonicwall Management interface.
Step 2. Check Enable IPS on the LAN Zone under Network > Zones.
Step 3. Create a LAN to WAN access rules with Users as Trusted Users under Firewall > Access Rules.
Select the User Group for exclusion
Step 4. Import the user group to be allowed MSN Messenger access from MS Active Directory or create a local user group under the Users > Local Groups page.
Step 5. Enter Signature ID 173 under Security Services > Intrusion Prevention > Lookup Signature ID
Step 6. On the IPS Signature Settings window, set Prevention to Low
Step 7. Set Included Group to All
Step 8. Under Excluded Group select the user group to be excluded from prevention. In this example, the user group is called Allow.
Step 8. Click on Ok.
Step 9. Test the configuration. Users belonging to the Allow group will be able to use MSN Messenger but everyone else will be blocked.
Related Articles
- How to re-deploy a NSv in the existing resource group in azure platform
- How to access a more specific network over VPN tunnel while having another Route All VPN policy
- How to limit bandwidth usage when playing YouTube videos using App Rules
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO signature&body=https://www.sonicwall.com/support/knowledge-base/how-to-exclude-a-user-group-from-being-blocked-by-intrusion-prevention-service-ips-signature/170503520803318/upload/images/sonicwall/090170801641282.png){kind=link}