Block Offenders - Incorrect statement/description
Plus Target Version:
Affected Plus Version:
The description on the options 'Block Offenders' is incorrect for 'inline mode' but still valid for 'Legacy Mode'
Checking this option will automatically block hosts that generate a Snort alert. Default is Not Checked.
Services --> Snort --> Snort Interfaces --> Add/Edit
- When on 'Legacy Mode'
- this does cause IPs to be blocked that have caused alerts.
- I read somewhere that 'Legacy Mode' only alerts or blocks, there is no in-between.
- On 'Inline Mode'
- I have many alerts from 'remote IPs' (i.e. not on my local networks) that are not blocked.
- As far as I know 'inline mode' only drops traffic or alerts you depending on the rules setup in your policies rather than the blanket option of alert or block for any infraction
No data to display