Summary
The IsValid error messages are informational messages and as such do not impact or reduce the IPS's security posture. These errors occur when there is a data mismatch between the IPS and the SMS. The following table describes some of the isValid errors in addition to providing the most common solution to the problem.
Details
Note: On the following table some of the solution steps include a "Filter Reset".
Be aware that the Filter Reset option will reset all filters back to their recommended state. This option will also remove all user defined filters, action sets, user created IPS segments and notification contacts from the device.
| Error | Explanation | Solution |
| isValid: In/out pair [….] not found | Attempting to distribute a profile to a non-existing segment. In this case the ANY-ANY segment. | Option 1; Recreate the missing segment and re-distribute the profile. Option 2; Perform a "Filter Reset" on the IPS and then re-distribute the profile. Option 3; Reboot the IPS |
| isValid: IPRep Feed Group [….] does not exist for group-set | This is an error generated by an inconsistency with the RepDV database and/or the RepDV filters. | Option 1; Perform a RepDV full Sync. (Profiles -> Reputation Database -> Edit -> Full Sync) Option 2; Delete and re-create RepDV filters from profile and then re-distribute. (Profiles->IPS Profiles -> "Profile" -> Infrastructure Protection -> Reputation) |
| isValid: Profile [….] of type Security is already assigned to in/out pair | The SMS is attempting to push a security profile on to the ANY-ANY segment but that segment already has an existing security profile configured. | 1. Perform a "Filter Reset" on the IPS 2. Re-distribute profiles to the IPS |
| isValid: Security zone pair [….] not found | This error was caused by attempting to create a new segment while the device was performing a profile distribution. The SMS will display a newly created segment but in actuality the segment has not been created on the IPS. | 1. Perform a "Filter Reset" on the IPS 2. Re-distribute profile to the IPS |
| isValid: Signature [….] does not exist for policy | This error is generated by a data mismatch between the DV on the IPS and the DV on the SMS. The DV’s contain filters that are either new, removed or modified. This filter mismatch will generate errors in the system log. Within the error message you will see a long series of numbers (e.g. [00000001-0001-0001-0001-000000001130]). The number at the end of the series tells the administrator what the offending filter is. In this example filter 1130 is the offending filter.This issue can also occur if the DV or Profile on the IPS is corrupted. This corruption can occur when either the DV or the Profile is distributed during high IPS inspection periods. | Option 1; Distribute current DV and Profile to IPS. Option 2; Place IPS in L2FB and distribute current DV and Profile to IPS. Option 3; Place IPS in L2FB, perform a Filter Reset, and then re-distribute the profile to IPS. |
