OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: h4ck3r on October 25, 2021, 12:22:56 PM

Title: Is it possible to bypass IDS/IPS during backup transfer?
Post by: h4ck3r on October 25, 2021, 12:22:56 PM
Hello,
From time to time I need to transfer a lot of backup data from one local network to another (from LAN to DMZ using Veeam Agent for Microsoft). I don't want to disable IDS/IPS on these interfaces, but is it possible to bypass IDS/IPS for NFS (TCP/2049) during the transfer? I haven't found any hints on how to write a rule that leaves Suricata's ruleset very early. Suricata's documentation is unclear to me at this point (https://suricata.readthedocs.io/en/suricata-6.0.0/performance/ignoring-traffic.html).
What would be the best way to accomplish my requirement?

Also, some IP addresses in the DMZ need to receive data from clients on the LAN side via SNMP (naturally emerging-scan.rules prevents this). How can we make these IP addresses bypass the IDS rules?

Title: Re: Is it possible to bypass IDS/IPS during backup transfer?
Post by: fabian on October 25, 2021, 08:00:24 PM
Since Suricata is scanning everything that goes over an interface, the solution is likely another interface.