Hello all,
I was recently hired in my current position(school district) and inherted a UTM 9, a product that prior to coming here I had never worked with before. Over the last month my organization has been dealing with a DDOS attack, looks like it is coming(spoofed) from Google. IPS was not enabled at the time of the original attack, I have since enabled it, through my own tinkering(researching this forum and the web) and a few calls to support. A concern I have, but can accecpt for the time being is the fact that IPS really throttles my connection(1GBps) down to aroung 250mbps.
The major issue is the fact we use google apps for education, and since enabling IPS it forces each app to timeout or take extended time to open. The funny thing is, it only happens in Chrome. I use Linux as my desktop and have no issue, and my windows clients that have firefox have no issue, but there's a strangle on Chrome. I see the easy fix, but when you have 1100 students using chromebooks, I can't just implement a workaround. So my question is does anyone have experience in this, do you use GApps through the UTM with IPS enabled?
I have all the google ipaddresses added in my exception list, and the port exceptions on the Or tab for "using these services" which I created for TCP443 and UDP443.
I've modified the attack patterns, enabled and disabled the Anti-Dos/Flodding options(currently UDP and ICMP enabled), anti-portscan enabled.
I'd appreciate any thoughts or suggestions. Or if there are any additional details I may have left out, please feel free to ask.
Thanks in advance,
Chris
This thread was automatically locked due to age.
