Disable portscan check for internal server [message #118961]
Thu, 29 January 2015 13:04
Dukeman
Messages: 46 Registered: June 2007 Location: The Netherlands
I've got an internal server which backs up files by FTP to an external server. Mostly it processes a lot of files at a time.
Often connections are blocked by Control because Control sees them as port scanning and therefore blocks them.
Information from Security Log:
[date] IPS: Port Scan, protocol: TCP, source: ....
I've already created a separate traffic rule for this FTP traffic, where content checking is disabled, however connections are sometimes still blocked.
Is it possible to disable port scan checking for a specific server/traffic rule?
Thanks,
Barry
Re: Disable portscan check for internal server [message #119315 is a reply to message #119230]
Wed, 11 February 2015 21:44
Dukeman
Thanks for your response mlee. It looked like it was/is blocked by IPS, because of the many lines in the logs about the port scan (of which I thought it would block any connections temporarily from the remote computer).
The FTP application stops its jobs stating the connection was broken and could not reconnect. The remote FTP server is available however. So I assumed Kerio blocked connections...
Have to do some extra investigation however...
Re: Disable portscan check for internal server [message #119347 is a reply to message #119319]
Thu, 12 February 2015 20:09
Dukeman
The inspector is already disabled for this rule.
Source of this rule is the FTP client, Destination is the FTP Server, Service is set to Any, Inspector is none.
I'd rather not turn off IPS, because a lot of traffic is (correctly) blocked and I'm having several servers running behind Kerio. The FTP backup takes some time (couple of hours), so it would be off for a long time.