Topic: Help request: how to compose a policy in the right way (Read 2386 times)
Northguy
« on: October 14, 2021, 12:37:51 pm »
Hi guys,
Who can help me figure out what I am doing wrong in configuring a policy?
Use case:
* Enabled IPS
* Enabled ET telemetry/emerging-web_client
* Created a policy to drop instead of alert
  - Selected appropriate rulesets
  - Modified yellow highlighted fields (see screenshot)
  - Selected nothing for remaining fields (assuming this means 'all selected')
* Tested ET telemetry/emerging-web_client with a payload from https://www.wicar.org/test-malware.html
Result:
* Alert is raised, but threat is allowed, not dropped
Screenshots:
See attached