IDSM-2 Join windows domain problem

Unanswered Question

We are running a IDSM-2 module in a 6509 with vlan inline interface pairs.

Everything looks fine until we try to join a server to the 2003 domain.

I can't see the IPS dropping anything, but we get "network path not found" after entering the credentials for joining. If I set the IPS to bypass it works as it should. The software on the IPS is 6.2(1)E3 and all the servers are windows 2003. Greatful for any ideas of how to solve this.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Mon, 02/23/2009 - 08:58
User Badges:
  • Gold, 750 points or more

This post from antonyabraham in another thread might help:

Replied by: antonyabraham - STATE FARM - Feb 12, 2009, 5:59pm PST

There could be some normalizer engine events which can drop/modify traffic without firing an alert. Some of them seem to be on by default. Could you try enabling "produce alerts" on the normalizer signatures with deny or modify actions?

Another way would be to put an event action filter for the source or target (or both) and filter out all deny actions. In that way, you are telling the sensor do not block any traffic from or to certain IP address (based on how the filter is formed). I would use this filter to cover all signatures and sub signatures for the source/target in question.


This Discussion