12-17-2007 11:53 AM - edited 03-10-2019 03:54 AM
I have an ASA firewall with AIP-SSM module. I've configured in the application policy an access-list sending everything to IPS.
In the IPS I enabled the signature 11246 that matches MSN file transfer and set the signature to deny packet inline.
When I use MSN to transfer some file, the log of IPS says "deny" for action, but the file is transferred normally and I want it to be denied.
Any ideas?
12-25-2007 07:09 AM
MSN file transfer works over the MSN Messenger Activity. To block the file transfer effectively you will need to block the messenger activity in your case. If you are sending the traffic to the IPS, and can see hits for the signature 11201 "MSN Messenger Activity" and if you only want to block this for certain IP addresses then the solution to your problem is to use 'Event Action Filters' for the existing Signature 11201.
12-26-2007 06:07 AM
Hi, thanks, but I want to block only the file transfer activity over MSN, not MSN altogether.