https://community.sophos.com/sophos-xg-firewall/f/discussions/126018/ips-policy-between-2-trusted-networksHello everybody I have a question? I would like to know whether IPS policy is logical between two trustworthy networks (VPN client and internal LAN)? Or do I not need to use IPS policy in this case? Tanksen-USTelligent Community 12https://community.sophos.com/thread/460919?ContentTypeID=1Mon, 15 Feb 2021 15:09:04 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:25574893-1e20-417b-8378-4e6ef2465ac1FormerMember<p>If you have control over both Zones and they&#39;re properly secured, Then it&#39;ll be okay if you don&#39;t apply any IPS policy between them. But in case if any attack originates in between trusted zones, then you won&#39;t be able to detect them on the Gateway level.</p><div style="clear:both;"></div>https://community.sophos.com/thread/460917?ContentTypeID=1Mon, 15 Feb 2021 15:00:05 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b375b160-a898-44d4-9755-75bef7da21b5Farzan Barouj<p>So, you suggest me to keep the IPS policy between Trusted Zones.</p><div style="clear:both;"></div>https://community.sophos.com/thread/460916?ContentTypeID=1Mon, 15 Feb 2021 14:53:03 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b454dbc0-d6d5-4690-8072-ed0c80fffc2fFormerMember<p>Hi Farzan, This is a tricky scenario. If you&#39;ve enough security measures taken to ensure the VPN zone machines are secure, You can probably get away without keeping any policy. I would suggest creating a custom IPS policy and include&nbsp;the signatures according to your resources which are being accessed.</p><div style="clear:both;"></div>