
Outbound Network Connections Denied When IPS Network Rule Should Allow


Article ID: 161736


Products

Data Center Security Server

Issue/Introduction

False-positive event matches are possible on Linux systems when a specific local port or local IP address is provided in an outbound network rule.


Cause

When an outbound network rule specifies a particular local port or local IP address, the rule is matched against the connection's local port and IP address. On Linux, however, the local IP address and port may not yet be known at the moment a process initiates an outbound connection, so the driver sees them as zero. Zero acts as a wildcard in the driver's rule-matching algorithm, so an unknown local port or IP address matches any outbound network rule in the process's PSET that specifies a particular local port or IP address, which produces the false-positive matches.
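The matching behaviour described above, as an added illustrative model (not Data Center Security's driver code): a hypothetical PSET with a deny rule that names a specific local port, evaluated once while the local fields are still unknown (zero) and once after the kernel has assigned them. ANY_PORT, ANY_IP, the rule names and the port numbers are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY_PORT = 0          # wildcard in a rule; also what the driver sees before bind
ANY_IP = "0.0.0.0"    # same for the local address

@dataclass(frozen=True)
class OutboundRule:
    name: str
    action: str               # "allow" or "deny"
    remote_port: int          # ANY_PORT = any remote port
    local_port: int = ANY_PORT
    local_ip: str = ANY_IP

@dataclass(frozen=True)
class Connection:
    remote_port: int
    local_port: int           # ANY_PORT until the kernel assigns an ephemeral port
    local_ip: str             # ANY_IP until the source address is chosen

def field_matches(rule_value, conn_value, wildcard) -> bool:
    # Models the behaviour described above: zero on EITHER side is a wildcard,
    # so an unknown (zero) local port/IP matches a rule's specific local value.
    return wildcard in (rule_value, conn_value) or rule_value == conn_value

def evaluate(rules: List[OutboundRule], conn: Connection) -> Optional[OutboundRule]:
    """Return the first rule in PSET order that matches the connection, or None."""
    for rule in rules:
        if (field_matches(rule.remote_port, conn.remote_port, ANY_PORT)
                and field_matches(rule.local_port, conn.local_port, ANY_PORT)
                and field_matches(rule.local_ip, conn.local_ip, ANY_IP)):
            return rule
    return None

# Constructed PSET: block HTTPS only when it originates from local port 8443,
# then allow HTTPS from any other local port. (Hypothetical rule set.)
PSET_RULES = [
    OutboundRule("deny-from-8443", "deny", remote_port=443, local_port=8443),
    OutboundRule("allow-https", "allow", remote_port=443),
]

# The same connection as the driver sees it at connect() time on Linux ...
AT_INITIATION = Connection(remote_port=443, local_port=ANY_PORT, local_ip=ANY_IP)
# ... and after the kernel has picked the source address and ephemeral port.
AFTER_BIND = Connection(remote_port=443, local_port=51514, local_ip="10.0.0.5")

def decision(conn: Connection) -> str:
    rule = evaluate(PSET_RULES, conn)
    return rule.action if rule else "no-match"

if __name__ == "__main__":
    print("at initiation:", decision(AT_INITIATION))  # deny  (false positive)
    print("after bind:   ", decision(AFTER_BIND))     # allow (intended)
```

The first evaluation hits the deny rule only because the unknown local port wildcards against 8443; once the real ephemeral port is known, the same connection falls through to the allow rule.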

Resolution

This is a known issue and will be resolved in a future release.


Applies To

All Linux operating systems supported by SCSP and DCS