Troubleshoot false positives in the Inspection Policy

There are several possible causes and solutions when the Inspection Policy produces alerts or terminates traffic that you consider to be normal.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. If a Situation is not valid in your environment under any conditions, change the action for the Situation to Permit on the Rules tab.
  2. If a Situation is not valid between some hosts, add an Exception for the Source, Destination, and Situation that produce false positives. Then set the action to Permit. This editing can be done manually or based on a log entry through its right-click menu.
  3. If a custom Situation produces false positives, adjust the parameters in the Situation to better match the traffic pattern that you want to detect.