{"id":6172,"date":"2019-02-25T15:01:17","date_gmt":"2019-02-25T14:01:17","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=6172"},"modified":"2019-02-25T15:01:17","modified_gmt":"2019-02-25T14:01:17","slug":"known-issue-intrusion-prevention-service-ips-false-positive-signature-id-1134424","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2019\/02\/known-issue-intrusion-prevention-service-ips-false-positive-signature-id-1134424\/","title":{"rendered":"Known Issue: Intrusion Prevention Service (IPS) false positive \u2013 Signature ID: 1134424"},"content":{"rendered":"

WatchGuard hat bekannt gegeben, dass der Intrusion Prevention Service (IPS) derzeit einen “Known Issue” aufweist, also ein bekanntes Problem. Dies betrifft die Signature ID 1134424: Die WatchGuard-Firewall\u00a0erkennt hier f\u00e4lschlicherweise eine Sicherheitsl\u00fccke, die gar nicht vorhanden ist (false positive).<\/p>\n

<\/p>\n

\"\"Dieses Problem kann speziell nach dem letzten Update am 20.02. auf die IPS-Version 4.912 bei allen Firebox & XTM Appliances mit der Fireware 12.x auftreten.<\/p>\n

WatchGuard arbeitet aktuell daran, das Problem zu beheben und empfiehlt in der Zwischenzeit als Workaround eine IPS-Ausnahme f\u00fcr die Signatur 1134424 zu erstellen:<\/p>\n

    \n
  1. Navigieren Sie im\u00a0Policy Manager oder in der Web UI\u00a0zu Subscription Services -> Intrusion Prevention<\/strong><\/li>\n
  2. Klicken Sie auf Exceptions<\/strong><\/li>\n
  3. im Signature ID Feld die entsprechende ID (1134424<\/strong>) eintragen<\/li>\n
  4. als Action “Allow”<\/strong> ausw\u00e4hlen und ggf. Log aktivieren<\/li>\n
  5. anschlie\u00dfend mit einem Klick auf “add” best\u00e4tigen<\/li>\n<\/ol>\n

     <\/p>\n

    Originalmeldung von WatchGuard:<\/p>\n

    WatchGuard has identified a false positive with the Intrusion Prevention Service. Specifically, signature 1134424 in the 4.912 IPS update released on Wednesday, 20 February 2019. We are currently working with our vendor to correct the false positive. The signature itself has been observed to match unintended HTTP and HTTPS connections that pass through the Firebox IPS scanning service\u00a0(Security Portal Signature details<\/a>).<\/em><\/p>\n

    To work around this issue, create an IPS exception for signature 1134424. You can find instructions on how to create an IPS signature in both Web UI and Policy Manager in WatchGuard Help Center<\/a>. If an Intrusion Prevention action was configured to Block IP addresses that matched IPS signatures, several IP addresses may have been added to the blocked sites list. These entries are not automatically cleared after you add the exception. We recommend you review your current blocked sites list and manually remove any entries that were blocked because of \u201cIPS autoblock\u201d. You can find more information about how to manage blocked sites in the WatchGuard Help Center<\/a>. We apologize for any inconvenience. To follow up with questions or to request notification for when this issue has been addressed, please contact Technical Support<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

    WatchGuard hat bekannt gegeben, dass der Intrusion Prevention Service (IPS) derzeit einen “Known Issue” aufweist, also ein bekanntes Problem. Dies betrifft die Signature ID 1134424: Die WatchGuard-Firewall\u00a0erkennt hier f\u00e4lschlicherweise eine Sicherheitsl\u00fccke, die gar nicht vorhanden ist (false positive).<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[445,3],"tags":[527,334,400,423],"class_list":["post-6172","post","type-post","status-publish","format-standard","hentry","category-aktuelle-nachrichten","category-watchguard-technischer-blog","tag-false-positive","tag-intrusion-prevention","tag-ips","tag-known-issue"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/6172"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=6172"}],"version-history":[{"count":3,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/6172\/revisions"}],"predecessor-version":[{"id":6182,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/6172\/revisions\/6182"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=6172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=6172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=6172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}