
Differences between default Intrusion prevention categories in XG

Hi Community,

 

I have been using an XG box for 3 years.
IPS is another benefit of XG. It is an extra security layer for the internal network.

The default policies have been used all the time.

What are the differences between these policies? They have the same name.



    Hi,

    If you check "generalpolicy", "lantowan_general", "dmzpolicy" and "lantowan_strict", all four are exactly the same policy, with all IPS signatures applied using their recommended action.

    Meanwhile, the top IPS policies, which can't be deleted, have pre-defined IPS signature categories corresponding to the applications you would be running across those zones.

    For example, on LAN to WAN you will have mostly browsing, office, c2c, and protections for Windows/Linux systems, and you won't scan the traffic against signatures for web servers, databases or FTP, since there are no servers running in that zone.

    And on WAN to DMZ you will have protections for servers, such as web servers, databases, FTP and DNS, while at the same time you won't have protections for browsing, office, and so on.

    In my opinion, it's better for you to use "generalpolicy" and create IPS signature exceptions whenever necessary. When needed, you can clone the policy and make any changes you feel are required.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home
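The claim above ("all four are exactly the same policy") is easy to verify rather than take on trust: export the IPS policies and compare their rule sets programmatically. The script below is an added example, not code from the original post or from Sophos. The XML layout (`<IPSPolicy name=...>` containing `<Rule category=... action=.../>` elements) is an assumption invented for this illustration and is not the real SFOS export schema; the sample export is constructed inline, using the policy and category names discussed in the thread. To use it against a real export you would adapt `load_policies()` to the actual element names.

```python
"""Compare IPS policy rule sets from an XML export and report which
policies are the same set of (category, action) rules.

Added example; the export format below is an assumed, constructed layout,
not the real SFOS schema.
"""
import xml.etree.ElementTree as ET

# Constructed sample export (assumption: element and attribute names are
# illustrative only). The four "general" policies cover every category at
# the recommended action; the two zone-named policies cover a subset each.
SAMPLE_EXPORT = """<IPSPolicies>
  <IPSPolicy name="generalpolicy">
    <Rule category="browsing" action="recommended"/>
    <Rule category="office" action="recommended"/>
    <Rule category="windows_linux" action="recommended"/>
    <Rule category="web_server" action="recommended"/>
    <Rule category="database" action="recommended"/>
    <Rule category="ftp_dns" action="recommended"/>
  </IPSPolicy>
  <IPSPolicy name="lantowan_general">
    <Rule category="browsing" action="recommended"/>
    <Rule category="office" action="recommended"/>
    <Rule category="windows_linux" action="recommended"/>
    <Rule category="web_server" action="recommended"/>
    <Rule category="database" action="recommended"/>
    <Rule category="ftp_dns" action="recommended"/>
  </IPSPolicy>
  <IPSPolicy name="dmzpolicy">
    <Rule category="browsing" action="recommended"/>
    <Rule category="office" action="recommended"/>
    <Rule category="windows_linux" action="recommended"/>
    <Rule category="web_server" action="recommended"/>
    <Rule category="database" action="recommended"/>
    <Rule category="ftp_dns" action="recommended"/>
  </IPSPolicy>
  <IPSPolicy name="lantowan_strict">
    <Rule category="browsing" action="recommended"/>
    <Rule category="office" action="recommended"/>
    <Rule category="windows_linux" action="recommended"/>
    <Rule category="web_server" action="recommended"/>
    <Rule category="database" action="recommended"/>
    <Rule category="ftp_dns" action="recommended"/>
  </IPSPolicy>
  <IPSPolicy name="LAN TO WAN">
    <Rule category="browsing" action="recommended"/>
    <Rule category="office" action="recommended"/>
    <Rule category="windows_linux" action="recommended"/>
  </IPSPolicy>
  <IPSPolicy name="WAN TO DMZ">
    <Rule category="web_server" action="recommended"/>
    <Rule category="database" action="recommended"/>
    <Rule category="ftp_dns" action="recommended"/>
  </IPSPolicy>
</IPSPolicies>"""


def load_policies(xml_text):
    """Return {policy_name: frozenset of (category, action) pairs}."""
    root = ET.fromstring(xml_text)
    policies = {}
    for pol in root.iter("IPSPolicy"):
        rules = frozenset(
            (rule.get("category"), rule.get("action")) for rule in pol.iter("Rule")
        )
        policies[pol.get("name")] = rules
    return policies


def identical_groups(policies):
    """Group names of policies whose rule sets are exactly equal."""
    by_rules = {}
    for name, rules in policies.items():
        by_rules.setdefault(rules, []).append(name)
    # Only groups with more than one member are interesting.
    return sorted(sorted(names) for names in by_rules.values() if len(names) > 1)


def diff_policies(policies, left, right):
    """Categories one policy inspects that the other does not (any action)."""
    left_cats = {cat for cat, _ in policies[left]}
    right_cats = {cat for cat, _ in policies[right]}
    return sorted(left_cats - right_cats), sorted(right_cats - left_cats)


if __name__ == "__main__":
    pols = load_policies(SAMPLE_EXPORT)
    for group in identical_groups(pols):
        print("identical rule sets:", ", ".join(group))
    only_lan, only_dmz = diff_policies(pols, "LAN TO WAN", "WAN TO DMZ")
    print("LAN TO WAN only:", only_lan)
    print("WAN TO DMZ only:", only_dmz)
```

Run against a real export, `identical_groups()` tells you which of the look-alike policies are genuinely interchangeable (so a clone of any one of them is a safe starting point), and `diff_policies()` shows exactly which signature categories a zone-specific policy leaves uninspected, which is the information you need before deciding whether a "generalpolicy" plus exceptions is the better fit.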
