Jump to:navigation, search
Wiki

Disable Threat Intelligence Filter

From Securepoint Wiki



























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden
















Deactivation of the Securepoint Threat Intelligence Filter

Last adaptation to the version: 14.0.2(02.2025)

notempty
This article refers to a Beta version

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 Applications IDS/IPS

Introduction

It may happen that the Threat Intelligence Filter (TIF) temporarily blocks IP addresses and hosts that have been classified as trustworthy.
This can prevent legitimate connections and services from functioning correctly.
To prevent this, there are two ways to disable the Threat Intelligence Filter.

Shut down via GUI

The following steps are identical for UTM versions 12.7.5.1 and 14.0.2 and above:

  • Open the UTM Applications IDS/IPS
  • In the Cyber Defense Cloud section, disable the Log and block connection option in the Threat Intelligence Filter section. No


Shut down via CLI

The following steps are identical for UTM versions 12.7.5.1 and 14.0.2 and higher:

  • Open CLI on the UTM
    • Menu Extras CLI
      or
    • Access via ssh
      e.g.: ssh admin@utm.anyideas.de
  • Folgende Befehle eingeben:
    rule implied group set implied_group „13“ active 0
    system update rule
  • Enter the following commands:
    rule implied group set implied_group "13" active 0
    system update rule
Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/APP/IDS-IPS/TIF_ausschalten&oldid=94968"