Packets Dropped for Legitimate Traffic and Generated Alerts

This section provides troubleshooting procedures for when the Gateway IDS/IPS traffic inspection engine drops data packets for legitimate traffic and generates alerts. For example, you try to access your email account in a web browser and notice that the page does not load as expected. This issue generates an alert for the threat event type. One possible reason is that the traffic inspection engine dropped some of the data packets.

To troubleshoot this scenario, complete the following steps:

  1. To allow the blocked traffic to flow, move the threat signature to the Allow List in one of the following ways:
    • To move a threat signature to Allow List from the Threats List page, complete the following steps:
      1. In the WebUI, complete one of the following steps:
        • To configure a Branch Gateway group, complete the following steps:
          1. Set the filter to a group containing at least one Branch Gateway that supports Gateway IDS/IPS.
            The dashboard context for a group is displayed.
          2. Click Gateways.
          3. Click the Config icon to view the Branch Gateway group configuration dashboard.
        • To configure a Branch Gateway, complete the following steps:
          1. Set the filter to Global or a group containing at least one Branch Gateway that supports Gateway IDS/IPS.
          2. Under Manage, click Devices > Gateways.
            A list of gateways is displayed in the List view.
          3. Click a gateway under Device Name.
            The dashboard context for the gateway is displayed.
      2. Under Manage, click Security > Gateway IDS/IPS.
      3. Click the icon to view the Threats List table.
      4. Select a threat and click the Move threat to Allow List icon.

        The Move to Allow List window is displayed.

      5. Click Move.

        The threat is moved to Allow List.

    • To move a threat signature to Allow List from the Policy page, complete the following steps:
      1. In the WebUI, complete one of the following steps:
        • To configure a Branch Gateway group, complete the following steps:
          1. Set the filter to a group containing at least one Branch Gateway that supports Gateway IDS/IPS.
            The dashboard context for a group is displayed.
          2. Click Gateways.
          3. Click the Config icon to view the Branch Gateway group configuration dashboard.
        • To configure a Branch Gateway, complete the following steps:
          1. Set the filter to Global or a group containing at least one Branch Gateway that supports Gateway IDS/IPS.
          2. Under Manage, click Devices > Gateways.
            A list of gateways is displayed in the List view.
          3. Click a gateway under Device Name.
            The dashboard context for the gateway is displayed.
      2. Under Manage, click Security > Gateway IDS/IPS.
      3. Click the Config icon to view the Gateway IDS/IPS configuration page.
      4. Click the Policies tab, and select a policy to view the policy details.
      5. In the Rules table, select a row and click the Move to Allow List icon.

        The Move to Allow List window is displayed.

        To move multiple rules to Allow List, select the rows and click Move to Allow List.
        In the Rules table, use the icon in the Signature column to filter the signatures that you want to move to Allow List.

      6. Click Move.

        The Allow Listed rules might take up to 10 minutes to take effect after the traffic flow stops.

  2. After moving the threat signatures to Allow List, contact Technical Support for further assistance.