Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommended IPS Policies for SOHO

Hi, I wanted to ask for Recommendation on what IPS Policies I should use on are network this is first Sophos XG125 Firewall we will be adding APX530 AP's in few weeks, we are small company with 3 users on the network we don't have any web servers on the network we do use PC Software VPN and they also have Hulu and Amazon prime streaming devices on the network, the  IPS Policies I see  are  the following list below any help would be appreciated  

 

DMZ TO LAN
A default IPS policy template to scan the traffic flowing from DMZ to LAN; Primarily intended to secure server(s) hosted in the LAN zone

DMZ TO WAN
A default IPS policy template to scan the traffic flowing from DMZ to WAN; Primarily intended to secure the DMZ-based client(s)

LAN TO DMZ
A default IPS policy template to scan the traffic flowing from LAN to DMZ; Primarily intended to secure the LAN-based client(s) and DMZ-based server(s)

LAN TO WAN
A default IPS policy template to scan the traffic flowing from LAN to WAN; Primarily intended to secure LAN-based client(s)

WAN TO DMZ
A default IPS policy template to scan the traffic flowing from WAN to DMZ; Primarily intended to secure server(s) hosted in the DMZ

WAN TO LAN
A default IPS policy template to scan the traffic flowing from WAN to LAN; Primarily intended to secure server(s) hosted in the LAN

dmzpolicy
A General policy to scan traffic flowing to DMZ

generalpolicy
A General Policy

lantowan_general
A General policy for LAN to WAN Traffic

lantowan_strict
A Strict policy for LAN to WAN Traffic



This thread was automatically locked due to age.
Parents
  • Hi,

    if you open each of those policies you will see they are almost identical, they are basically templates. so you can clone them and then modify to your hearts content.

    I built my own removing all the server types and services I don't use and specifically aimed at tunnels.

    Ian.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi,

    if you open each of those policies you will see they are almost identical, they are basically templates. so you can clone them and then modify to your hearts content.

    I built my own removing all the server types and services I don't use and specifically aimed at tunnels.

    Ian.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children