Title: Should Intrusion Prevention Scan VPN Traffic? Post by: danodemano on Friday 08 January 2010, 05:51:20 am So I recently had trouble with a MySQL connection through an IPSEC VPN tunnel. I went round and round with this before finally nailing it down to to the IPS inside Endian. The rule blocking the connection was:
Date: Jan 6 18:00:19 Name: ET POLICY External MYSQL Server Connection Priority: 1 Type: A Network Trojan was detected IP info: 10.x.x.x:3306 -> 192.x.x.x:56808 References: none found SID: 2008572 I disabled the rule and the connection went through just fine. This prompted the question though, should the IPS be scanning VPN traffic? It seems like maybe there should be a way to turn off the scanning of VPN traffic. I'm all for filtering and security but it would nice to be able to at least toggle the scanning of VPN traffic. Is this an unreasonable request? Anyone else have any thoughts? |