Hello Everyone, I encountered a similar issue in our infrastructure and opened a support case. What I understand from support is the events were not blocked by the IPS. Instead, the firewall dropped those packets because there was no established connection to the firewall on port 500. Additionally, the stateful firewall behavior resulted in the packet being dropped due to the lack of memory of the previous connection. ... View more

@Mustafa_TaqiIf the client VPN process drops the flow, I would expect to see logs in the Event Logs. I don't believe it's dropped at the client VPN's end. "The behavior is constrained by the Architecture" What do you mean by this? It's unclear now, where it's actually dropped.  ... View more

@Mustafa_Taqi I would like to bring a couple of points before accepting the scenario you explained above.   How come an inbound firewall rule will block the traffic if this traffic overrides through the ClientVPN? If the client VPN drops a VPN packet, no user can connect to the VPN. Additionally, I believe if this packet is indeed malicious, it should be blocked at the IPS level, not at another layer. ... View more