I have recently enabled IPS on my OPNsense 26.1 firewall. This so far has been working great, but when trying to use my work laptop, I saw that "DirectAccess" was not connecting.
First, I was seeing my company IP trying to hit my home IP, but getting blocked with: ET EXPLOIT Possible CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discover
I found that I could add a "User Defined" rule that has my company's IP, and enable "Bypass" and set it to "Alert." I no longer see the ICMP type alerts, but I do see alerts for companyIP:443 to myIP:EphemeralPort that are now being allowed. And DirectAccess is working.
However, I realize this essentially disables all IPS for anything coming from companyIP.
I couldn't find any configuration in the IPS area to only allow certain ports, or to only bypass certain rules for that IP address. Does anything like that exist, or is there any better way to accomplish this? Or do I have it set right as it is?