Solved: Security Intelligence Does not block sometimes

Wee2o · ‎09-13-2022

I have created security intelligence block list but sometimes it allows the connections like the one highlighted and it is identified as attackers.

Is that because the intrusion policy is set to detection not prevention?

FredrikW73 · ‎09-15-2022

Are you talking about the "Drop when inline" setting?

What is the mode of the device and type of interfaces?

This is the setting I mentioned:

View solution in original post

FredrikW73 · ‎09-14-2022

The Reason column seems to indicate that you have set the action to "Monitor-only" and not "Block" for that Security Intelligence category. If so, my understanding is that the result is that no requests are blocked, not even the lower four in your screenshot.

Wee2o · ‎09-14-2022

The Monitor-Only on the intrusion policy not the security intelligence. will that affect it?

FredrikW73 · ‎09-15-2022

Are you talking about the "Drop when inline" setting?

What is the mode of the device and type of interfaces?

This is the setting I mentioned:

Wee2o · ‎09-15-2022

you are correct, I missed this settings. thank you!