
Covid-19 Induced VPN Use -- security question

Hi,

I'm in the US and like a lot of people this week I'm scrambling to support people who usually work in one big room but are now telecommuting and making heavy use of our VPN.

Normally I have 3-10 connections per day, maybe 2-3 at a time, now I have 15-20 at a time (staff of 68). I think it would be more but by the time they get logged on I think it gets so slow they give up and find other avenues.

I already had IPS disabled for traffic to/from the VPN Pool and our LAN. But I noticed that I was still getting a flood of flood alerts in the IPS log about port 4500. I turned off IPS for all traffic over this port and over the L2TP protocol, regardless of its source or destination.

Have I opened myself up to serious security concerns?

Thanks,

Jeff



  • Hi Jeff,

    We both are in the same situation, I think. I got that too, with the difference of IPsec VPN. But it was enough to disable UDP Flood for the interface where the VPN is terminated.
    So maybe you could adjust a little more. The deactivation of the whole IPS is a little too much. But it seems UTM doesn’t recognize this by itself.

    Best regards 

    Alex 


  • Jeff, your SG105 is not meant to handle more than 15-20 Remote Access connections unless that's all it's doing.  Also, you might try rebooting it later this evening when everyone's off it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA