I’m a bit late to the IPS party here, I hadn’t realised it was a thing and I hadn’t received any alerts even though they were in my log. I read the article above and use the http://testmyids.com/ link at the bottom, but no alert was logged, should I be worried
Email alerts are coming through after I ran a test at http://checkme.checkpoint.com, just wondered if the other link should’ve generated an alert?
I do have adguard running so everything is going through that, in case that’s the cause of no aler.
What “Notification” level do you have set in IPS/IDS settings? If I’m not mistaken that link will generate a low event notification. If your notification level is set to medium or high you will not receive an event notification. I’m also convinced that IPS isn’t actually automatically blocking anything as I can set my block level to medium and still create connections that are of medium severity. Please correct me if I’m doing something wrong.
SSDP is a protocol used by your local clients to discover each other on your network. Do you have any media servers or printers on your network? Windows clients also have this, but it’s disabled by default. Probably worth confirming which IP address/client is generating the event. I don’t think its harmful though.
This thread has been automatically closed due to inactivity. If you believe you have the same issue, please create a new post describing your issue. Feel free to link to this post for context if desired.
