So I have been updating the Check Point IPS signatures in my lab more aggressively lately, and flipped (almost all) of them into “protect” mode. I have noticed some of the signatures are detecting issues with some well known products and services. This is in no means a critique of the accuracy of the signatures, but rather some documentation on what I am seeing.

Just a few days ago I noticed Netflix stopped working in the house. Seeing the “Connection was reset” message in Firefox is always an indicator of an IPS issue.

Firefox connection was reset...
Firefox connection was reset…

 

 

 

 

 

 

 

 

So firing up SmartDashboard and Tracker (R77.20) mode revealed the following signature blocking access:

Non-Compliant HTTP

 

 

 

 

 

 

 

 

 

 

 

 

Okay well that is a pretty major signature. Non-compliant HTTP? The easy path is to just flip it into ‘detect’ and get on with House of Cards. Should I create an exception? Summarize all of AWS?

But the curious side of me thinks about tinkering…

Non-Compliant HTTP tuning

 

 

 

 

 

 

Inadvertent IPS Block of the Week

Leave a Reply

Your email address will not be published. Required fields are marked *