I just noticed something odd with IDP (on both a USG 110 and a USG 60) running the last 4.13 version.
I've created custom IDP profiles based off of the base IDP profiles (none, all, lan, wan, dmz). These were created through the web interface under Config > UTM Profile > IDP > Profile Tab. Under Config > Security Policy > Policy Control, I have certain policy rules, like DMZ_to_WAN set to use whichever IDP profile is appropriate.
This all seems to work, and I have seen IDP log information on stuff getting stopped.
However, I now see 2 things that don't make sense to me.
1. When I create a new IDP profile based off of the base "wan" IDP profile, there are zero signatures set to reject or deny. In the CLI, "show idp signature base profile wan settings" shows the same thing. Maybe I need to run "idp reload"?
2. Though I have seen IDP log information for stuff that doesn't seem to be solely from idp system-protect, when I enter "show idp signature activation" in the CLI, I get "no" as the answer. Maybe this is only turned on if IDP is set at a global level, and my security-policy-specific IDP settings are still active?
Any ideas here?