I was curious if there is any means of bypassing intrusion detection/prevention via Group Policies. I'm going to assume no, as it defeats the whole purpose of said feature, but possible I overlooked something.
Scenario: Datto Appliance is not successfully backing up offsite, and Datto insists it's due to Intrusion Detection/Prevention. Rather then disabling it on the entire MX, i'm hoping to narrow it down to just the Datto appliance.
IPS/IDS cannot be bypassed even by whitelisting the clients. It is either enabled or disabled on the firewall.
For your case to test connectivity to an application, try connecting the test computer directly to the ISP modem and see if it is still having the same issues. If you are on wireless, test it on wired. There are ways to send traffic on the same network bypassing the firewall completely for that client.
Please let me know if you have any further questions.
Hey @Seshu, thanks for the response! That's what I suspected, but the clarity definitely helps.
Fortunately it looks like it was getting blocked by IPS/IDS and was overlooked in Security Center. Shows that the Datto Appliance is being treated as an SSH_EVENT_RESPOVERFLOW threat, and looks like there are others with MX appliances that are facing the same issue. Whitelisting allowed the appliance to successfully offsite.
I'm assuming there is also no way for you to whitelist a Rule ID to a certain scope devices?
Not sure if it's a bug with the MX firmware, or if a specific version of SSH/SFTP software on the appliance is causing the MX falsely claim it as a threat.
When I enable Intrusion detection and prevention, My MX goes to 1/3 speed instead of 900MB we get maybe 250MB bandwidth speeds. Has anyone else experienced this type of slowdown with Intrusion detection and prevention
I changed nothing and speeds were so bad I complained to ISP, they came to the house put on equipment and confirmed there were no issues with Light. I put the 2nd router on the same ONT (Frontier allows 2 IPs) the one would get 1000mbs downloads, and on the MX I get 300MB on a good day. White papers state I should get 650ish so I complained.