...
Update for 6 March 2019: This issue is resolved with the release of IPS signature v4.916. If your Firebox has v4.916, you can safely remove the IPS exception for 1134424.

WatchGuard has identified a false positive with the Intrusion Prevention Service, specifically signature 1134424 in the 4.912 IPS update released on Wednesday, 20 February 2019. We are currently working with our vendor to correct the false positive. The signature itself has been observed to match unintended HTTP and HTTPS connections that pass through the Firebox IPS scanning service.

Security Portal Signature details: https://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?rule_id=1134424
To work around this issue, create an IPS exception for signature 1134424. You can find instructions on how to create an IPS signature exception in both Web UI and Policy Manager in the WatchGuard Help Center at http://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/ips/ips_config_exceptions_c.html

If an Intrusion Prevention action was configured to Block IP addresses that matched IPS signatures, several IP addresses may have been added to the blocked sites list. These entries are not automatically cleared after you add the exception. We recommend that you review your current blocked sites list and manually remove any entries that were blocked because of “IPS autoblock”. You can find more information about how to manage blocked sites in the WatchGuard Help Center at http://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/blocked_sites_wsm.html

We apologize for any inconvenience. To follow up with questions or to request notification when this issue has been addressed, please contact Technical Support.