Description:

The feature Intruder Detection System / Intruder Prevention System (IDS/IPS) recognizes and blocks potentially malicious packets. Although it is possible that normal traffic is recognized as potentially malicious and is therefore blocked.

This article describes how an exception for the feature IDS/IPS can be created.


Requirements:

  • LANCOM R&S®Unified Firewall  with  firmware version 10.3  or later
  • A configured and functional local network and Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Procedure:

1) Creating an exception for the feature IDS/IPS: 

1.1) Open the configuration of the Unified Firewall in a browser and go to the menu Monitoring & Statistics → Settings.

Screenshot of a technical user interface showing options to activate a firewall, view monitoring statistics, and manage settings and connection tracking.

1.2) In the dropdown-menu IDPS Alert select the option Save Raw Data Locally in order for the Unified Firewall to log packets which are recognized and blocked by IDS/IPS.

Click Save afterwards.

A screenshot of a settings monitoring interface showing options to manage data handling and system performance, with various event modes like saving raw data locally and creating statistics for blocked traffic.

1.3) Go to the menu Monitoring & Statistics → Logs → Alert Log.

Screenshot of a network management interface showing menu options such as Firewall, Monitoring Statistics, Settings, Connection Tracking, DHCP Leases, Logs, Alert Log, and Audit Log.

1.4) In the field More Filters select the parameter Category: IDPS to limit the Alert Log to IDS/IPS messages.

Image of a technical interface showing options 'Alert Log togs', 'Cau Tor Eto ano FF', and 'Manual Reload'.

1.5) Select an event you want to allow, click on the "gear symbol" and on Ignore Rule afterwards (in this example a UPnP broadcast was recognized by IDS).

Image showing a technical user interface with various settings including a manual reload option, filter tools, classifications for network attacks, and a list of action permissions with source and destination data points.

1.6) Repeat step 1.5) for additional events if necessary.

1.7) The creation of the exception for the feature IDS/IPS is now complete.



2) Editing and deleting the exception:

2.1) Go to the menu UTM → IDS/IPS.

A screenshot of a technical user interface displaying various security and network configuration options including a firewall, antivirus settings, and email security.

2.2) You can find the exception created in step 1.5) under Ignore Rules. If necessary you can edit the exception or delete it via the "dustbin symbol", if the exception isn't needed anymore. 

The Mode controls how the feature IDS/IPS works:

  • IDS: Events are logged only.
  • IPS Drop: Events are logged and the corresponding packets are dropped.
  • IPS RejectEvents are logged and the corresponding packets are rejected.  If packets should be blocked, this mode should be used as the end device receives a corresponding message.

 

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH