We have a Juniper IDP 250 functioning in transparent cluster mode. Running Error detector version.
The IDPs are placed between our CORE switch and firewall, and the firewall is the default gateway for the complete network.
For the last 15 days we have been getting issues very frequently: the core switch is not able to reach the firewall or vice versa.
I used Wireshark for monitoring and was able to see that the switch is not getting a reply on the interface connected to the IDPs for ICMP requests for the firewall.
We have a very huge amount of traffic between CORE and the firewall...
Suspecting an issue with the IDP: it's blocking communication for only the firewall address because of the large amount of ICMP, HTTP, UDP traffic.
Taking this as an attack and applying some signature to block the communication for one to one IP only.
Can someone help to guide me regarding this? Help will be appreciated.