This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos IPS (IDP) global settings, best practice for RED and IPSEC

 We are having multiple Sophos UTM in a IPSEC connected environment and running RED on several of these. I am configuring the Intrusion Prevention on my Sophos.

 

RED

Do you consider networks that are connected using RED as "local" or as "remote"?

Therefore do you suggest to add those networks in the "Global IPS Settings" on the firwall?

My opinion: As the RED are only connected to one "hub", the only way to perform IPS on the clients in the RED network is to activat IPS on that Interface.

 

IPSEC

Do you consider networks that are connected using IPSEC Tunnel as "local" or as "remote"?

Therefore do you suggest to add those networks in the "Global IPS Settings" on the firwall (I mean on both IDP configs on each site)?

My opinion: As the RED are only connected to one "hub", the only way to perform IPS on the clients in the RED network is to activat IPS on that Interface.

The IPSEC Tunnel has two UTM/Endpoints, using IPS on both IPSEC Endpoints would simply double the overhead, so I suggest to only use it on the central powerfull UTM. Correct?



This thread was automatically locked due to age.
Parents Reply Children
No Data