
Exceptions for IPS based on external domain or IP

I wish WatchGuard would move toward being able to customize an IPS exception based on external IP or domain. With more and more cloud services, it's getting to the point where, for instance, I have to allow a certain service to remotely run a VB script, which is generally not allowed. I know I can duplicate a policy with the exception and designate an external IP, but that seems to be really cluttering up the config and perhaps being a resource hog.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @tpierce@co.jefferson.tx.us

    There is an open feature request for this already -- it's FBX-11806.
    If you'd like to follow that request, please create a case and mention that somewhere in the details.

    The reason you can't do this today is that IPS scanning happens very early in the firewall's order of operations (before the firewall looks at FROM or TO data in each policy) in order to kick potentially bad connections out as quickly as possible.

    -James Carson
    WatchGuard Customer Support
