Channel: Sophos User Bulletin Board

How to disable IPS for a single IP (WSUS)

Our Windows clients have problems getting downloads from our WSUS server. (Clients and server are in different networks.)
Astaro ASG V8.306

When the update is triggered on the Windows client with wuauclt /detectnow, the Astaro IPS live log shows the following drop:

2012:11:20-14:02:26 mail1 snort[10367]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit" group="110" srcip="a.b.c.d" dstip="e.f.g.h" proto="6" srcport="80" dstport="52793" sid="18592" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

There is an IPS exception for a.b.c.d - it seems not to be working?
I disabled rule 18592 - the next drop was rule 15672. After disabling that, the next drops were sid 15670, 47988 .. - then I stopped.
I added the server a.b.c.d to the internal list.
I created an IPS exception with source a.b.c.d and destination e.f.g.h - the packets are still dropped.
The WSUS ClientDiag detects no errors.

The actual configuration worked for years. In the first week of November the downloads stopped. The WSUS errors say that there is a problem with the proxy. But the clients have no proxy configuration.

How can I disable the IPS rule / how can I configure the ASG to transfer - and not drop - the packets from server a.b.c.d to network e.f.g.h?
