Endpoint Protection

  • 1.  SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 23, 2018 01:32 PM

    We enabled the Intrusion and Prevention policy for all the managed clients. The problem is that users started to complain about not being able to connect to their home wifi and not being able to authenticate to the office wifi, which uses a RADIUS server. Also, someone reported that it blocks ZOOM conference traffic.

    What are the best practices for Intrusion Prevention? We have already added some common class C IPs, the RADIUS IP, and the access point IPs to the Excluded Hosts list.

    What are my options?



  • 2.  RE: SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 23, 2018 01:36 PM

    Adding these as Excluded Hosts means the client will exclude vulnerability attacks from these addresses - this is not good and not what you want.

    The firewall is blocking this, not IPS. Review the Traffic log and add an allow rule.



  • 3.  RE: SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 23, 2018 04:52 PM

    What Brian said. It is the firewall that is blocking. You might just be confused because the IPS exclusion seems to solve your problem.

    It is a little-known fact that creating IPS exclusions actually creates an "Allow any" rule in the firewall for the excluded IP addresses.



  • 4.  RE: SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 26, 2018 04:47 AM

    Hi Huanwei Li,

    What IPS detection name appears in the logs? (If there is none, then the issue is with the firewall configuration, as per the above posted messages.)

    IPS should be able to work well from home or office.



  • 5.  RE: SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 26, 2018 02:08 PM

    I checked the Security log; there seems to be no log entry in there.

    If the firewall is blocking it, what can I do to unblock them?



  • 6.  RE: SEP Intrusion Prevention Policy block false positive traffic

    Posted Feb 26, 2018 02:13 PM

    Review the Traffic log, this is where all firewall events are.

    Add a rule to allow the traffic that you need.
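    The replies above boil down to one triage step: if the Security log shows no IPS detection, the blocks live in the firewall Traffic log, and the fix is a narrow allow rule rather than an IPS host exclusion (which, as noted, turns into an "Allow any" rule for that host). The script below is an added example written for this thread; it is not code from the original posts or from the SEP product. It parses a constructed, comma-separated traffic log (an assumed column layout, not the product's real export format), counts the blocked flows, and turns repeated blocks into candidate allow rules pinned to protocol, remote host and remote port, so the resulting rule is as narrow as possible.

```python
"""Triage constructed host-firewall traffic log lines to find blocked flows.

Assumed (constructed) column layout, NOT the product's real export format:
time, action, direction, protocol, local_ip, local_port, remote_ip, remote_port, rule
Adjust FIELDS to match whatever your Traffic log export actually contains.
"""
import csv
import io
from collections import Counter

# Constructed sample log. 10.20.1.10 stands in for the office RADIUS server,
# 203.0.113.25 for a conferencing service, 192.168.1.1 for a home router.
SAMPLE_TRAFFIC_LOG = """\
2018-02-23 09:01:12,Blocked,Outgoing,UDP,10.20.5.17,51324,10.20.1.10,1812,Block all other traffic
2018-02-23 09:01:14,Blocked,Outgoing,UDP,10.20.5.17,51324,10.20.1.10,1812,Block all other traffic
2018-02-23 09:03:40,Allowed,Outgoing,TCP,10.20.5.17,49812,93.184.216.34,443,Allow web
2018-02-23 09:05:02,Blocked,Outgoing,UDP,10.20.5.17,60001,203.0.113.25,8801,Block all other traffic
2018-02-23 09:05:03,Blocked,Outgoing,UDP,10.20.5.17,60001,203.0.113.25,8801,Block all other traffic
2018-02-23 09:05:03,Blocked,Outgoing,UDP,10.20.5.17,60001,203.0.113.25,8802,Block all other traffic
2018-02-23 19:22:10,Blocked,Incoming,UDP,192.168.1.23,68,192.168.1.1,67,Block all other traffic
"""

FIELDS = ["time", "action", "direction", "protocol", "local_ip", "local_port",
          "remote_ip", "remote_port", "rule"]


def parse_traffic_log(text):
    """Parse the constructed CSV lines into dicts; skip malformed rows."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(FIELDS):
            continue  # malformed or truncated line: ignore rather than crash
        entry = dict(zip(FIELDS, row))
        entry["local_port"] = int(entry["local_port"])
        entry["remote_port"] = int(entry["remote_port"])
        entries.append(entry)
    return entries


def summarize_blocks(entries):
    """Count blocked flows by (direction, protocol, remote_ip, remote_port)."""
    counts = Counter()
    for e in entries:
        if e["action"].lower() == "blocked":
            key = (e["direction"], e["protocol"], e["remote_ip"], e["remote_port"])
            counts[key] += 1
    return counts


def propose_allow_rules(block_counts, min_hits=2):
    """Turn repeated blocks into the narrowest allow rule that would clear them.

    Each candidate pins protocol, remote host and remote port, which is far
    narrower than an IPS host exclusion that allows anything from that host.
    min_hits filters one-off noise so a single stray packet does not earn a rule.
    """
    rules = []
    for (direction, proto, rip, rport), hits in sorted(block_counts.items()):
        if hits < min_hits:
            continue
        rules.append({"action": "Allow", "direction": direction, "protocol": proto,
                      "remote_host": rip, "remote_port": rport, "observed_blocks": hits})
    return rules


if __name__ == "__main__":
    blocks = summarize_blocks(parse_traffic_log(SAMPLE_TRAFFIC_LOG))
    for rule in propose_allow_rules(blocks):
        print(rule)
```

Run against a real export, lower `min_hits` to 1 when you are chasing a single reported failure (the DHCP block in the sample only shows up that way), and treat each proposed rule as a starting point to confirm against the log's own rule-name column before creating it in the policy.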