
DoS - how to exclude one network or selected devices?

Hi folks,

looking for some help with DoS settings.

Suddenly my security cameras are failing DoS UDP and ICMP flooding. I have disabled DoS for UDP and ICMP to allow the cameras to work.

What I have tried and failed with.

1/. new application for viewing the cameras, no positive effect

2/. change the DoS UDP setting to larger values, went as high as 12500, no positive effect

3/. added many DoS bypass rules for 5 external networks using large masks and two internal networks

4/. setup DoS bypass for incoming traffic, no positive effect.

So, the question is how do I exclude 4 devices from DoS protection or in the worst case the entire IoT network?

Ian



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Here is a reference article to configure the DoS bypass rule.

    support.sophos.com/.../KB-000035751

    Could you please share a snapshot of the bypass rules which you've configured for cameras?

  • Hi Yash,

    I tried the * setting, which I had configured wrong, and I had not gone small enough with my masks, but it still does not bypass DoS settings.

    I will conduct some more experiments in the morning after I have tested the reports fix.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    I tried the DoS rules again this morning with the bypassed and blocked traffic after a short time. If I only access one camera the connection works with DoS enabled.

    I am accessing the cameras from the iPad on my iPhone hotspot. If I increase the DoS settings to 12000 for both directions then everything works. I also found this morning that my VoIP service cuts out after a short time just like the cameras when I have DoS UDP enabled at 2500 in both directions.

    The DoS bypass does not work. I will experiment some more when I have exclusive use of the XG this afternoon.

    Ian

    And then there is the question about why do I need to make changes to something that worked well for many months and numerous XG upgrades, but suddenly after MR-5 my DoS settings are all wrong?

    The DoS bypass rules.


  • Hi Yash,

    I conducted an experiment today to test the DoS UDP issue on my test firewall, which is a very slow Celeron-based device. The whole exercise took over 2 hours to get the device online and updated. It was using v18.0.3 MR3 when I ran the tests.

    Results

    1/. using the original configuration on the test XG the security cameras worked, connected and stayed online.

    2/. upgraded to v18.0.5 MR-5 (586), the cameras failed to either connect or stay connected.

    3/. the DoS UDP count increased and logviewer filled with junk

    4/. disabled DoS UDP and the security cameras connected and stayed connected

    5/. changing the DoS UDP settings broke my VoIP phone, which started behaving like the security cameras: connect, then drop the connection.

    6/. this was not an enjoyable experience because the main XG failed to come online after the WAN connect was restored and required to be power cycled a number of times to get it to work satisfactorily.

    Summary.

    Some changes to v18.0.5 MR-5 586, while partially fixing a NAT issue I have, broke the DoS scanning functions.

    Ian
