Exceptions

On the Network Protection > Intrusion Prevention > Exceptions tab you can define source and destination networks that should be excluded from intrusion prevention.

Note – A new IPS exception applies only to new connections. To apply a new IPS exception to an existing connection, you can, for example, disconnect or restart the respective device.

To create an exception, proceed as follows:

  1. On the Exceptions tab, click New Exception List.

    The Add Exception List dialog box opens.

  2. Make the following settings:

    Name: Enter a descriptive name for this exception.

    Skip these checks: Select the security checks that should be skipped:

    For all requests: Select at least one condition for which the security checks are to be skipped. You can logically combine several conditions by selecting either And or Or from the drop-down list in front of a condition. The following conditions can be set:

    Tip – How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Comment (optional): Add a description or other information.

  3. Click Save.

    The new exception appears on the Exceptions list.

  4. Enable the exception.

    The new exception is disabled by default (toggle switch is gray). Click the toggle switch to enable the exception.

    The exception is now enabled (toggle switch is green).

To either edit or delete an exception, click the corresponding buttons.

Note – If you want to make an intrusion prevention exception for packets with the destination address of the gateway, selecting Any in the Destinations box will not work. You must instead select a definition that contains the gateway's IP address, for example the Internal (Address) or the external WAN address.

Note – If you use a Sophos UTM proxy, an intrusion prevention exception has to reflect this: a proxy replaces the original source address of a packet with its own address. Thus, to exempt proxied packets from intrusion prevention, you need to add the appropriate interface address definition of Sophos UTM to the source Networks box.

© 2019 Sophos Limited Sophos UTM 9.600