IPS: Flash content is blocked when accessing any website on the Internet
03/26/2020 16 People found this article helpful 462,195 Views
Description
The SWF file format delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe Flash Player and Adobe AIR software.
Flash Video (with .FLV file extension) is the file format used to deliver video over the Internet using Adobe Flash Player. Notable users of the Flash Video format include YouTube, Google Video, Reuters.com and Yahoo! Video.
SonicWall IPS Signatures 148, 219 and 575 detects/prevents SWF file download.
SonicWall IPS Signatures 58, 59 and 78 detect/prevent the downloading of .FLV video hosted by different streaming servers.
SonicWall IPS also organizes signatures based on attack categories. The above signatures are categorized as Low Priority attacks and listed in the MULTIMEDIA category.
Resolution
Ensure that the SonicWall IPS is not preventing Low Priority attacks or edit the above mentioned IPS signature and disable them manually.
Step 1: Login to the SonicWall Management Interface.
Step 2: Go to Security Services | Intrusion Prevention.
Step 3: Under IPS Global Settings section uncheck the Low Priority attacks for Prevent All.
Step 4: Click on Accept button to apply the changes.
If Detect All is enabled for a signature group in the Signature Groups table, the SonicWall security appliance logs and alerts any traffic that matches any signature in the group, but does not take any action against the traffic. The connection proceeds to its intended destination. You view the SonicWall log on the Log > View page.
To edit an individual signature follow these steps:
- Login to the SonicWall Management Interface; go to Security Services > Intrusion Prevention.
- Select an individual category from the Category menu or enter the Signature ID (SID) in the Lookup Signature ID field.
- Select a signature category under IPS Policies., Click on the edit icon in the Configure column for the category you want to change.
- Set Prevention to "Disable".
- Set Detection to "Disable".
- Select from the include list the individual network address or range object you wish not to apply to this signature.
- Press the OK button.
Related Articles
Categories
Was This Article Helpful?
YESNO