DoS - how to exclude one network or selected devices?

Hi folks,

looking for some help with DoS settings.

Suddenly my security cameras are failing DoS UDP and ICMP flooding. I have disabled DoS for UDP and ICMP to allow the cameras to work.

What I have tried and failed with.

1/. new application for viewing the cameras, no positive effect

2/. change the DoS UDP setting to larger values, went as high as 12500, no positive effect

3/. added many DoS bypass rules for 5 external networks using large masks and two internal networks

4/. set up DoS bypass for incoming traffic, no positive effect.

So, the question is how do I exclude 4 devices from DoS protection or in the worst case the entire IoT network?

Ian



  • Hi Yash,

    I tried the * setting which I had configured wrong and I had not gone small enough with my masks, but still does not bypass DoS settings.

    I will conduct some more experiments in the morning after I have tested the reports fix.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    I tried the DoS rules again this morning with the bypassed and blocked traffic after a short time. If I only access one camera the connection works with DoS enabled.

    I am accessing the cameras from the iPad on my iPhone hotspot. If I increase the DoS settings to 12000 for both directions then everything works. I also found this morning that my VoIP service cuts out after a short time just like the cameras when I have DoS UDP enabled at 2500 in both directions.

    The DoS bypass does not work. I will experiment some more when I have exclusive use of the XG this afternoon.

    Ian

    And then there is the question about why do I need to make changes to something that worked well for many months and numerous XG upgrades, but suddenly after MR-5 my DoS settings are all wrong?

    The DoS bypass rules.


  • Hi Yash,

    I conducted an experiment today to test the DoS UDP issue on my test firewall, which is a very slow Celeron-based device. The whole exercise took over 2 hours to get the device online and updated. It was using v18.0.3 MR3 when I ran the tests.

    Results

    1/. using the original configuration on the test XG the security cameras worked, connected and stayed online.

    2/. upgraded to v18.0.5 MR-5 (586), the cameras failed to either connect or stay connected.

    3/. the DoS UDP count increased and logviewer filled with junk

    4/. disable DoS UDP and security cameras connected and stayed connected

    5/. changing the DoS UDP settings broke my VoIP phone which started behaving like the security cameras, connect then drop the connection.

    6/. this was not an enjoyable experience because the main XG failed to come online after the WAN connect was restored and required to be power cycled a number of times to get it to work satisfactorily.

    Summary.

    Some changes to v18.0.5 MR-5 586, while partially fixing a NAT issue I have, broke the DoS scanning functions.

    Ian
