
DoS - how to exclude one network or selected devices?

Hi folks,

looking for some help with DoS settings.

Suddenly my security cameras are failing DoS UDP and ICMP flooding. I have disabled DoS for UDP and ICMP to allow the cameras to work.

What I have tried and failed with.

1/. new application for viewing the cameras, no positive effect

2/. change the DoS UDP setting to larger values, went as high as 12500, no positive effect

3/. added many DoS bypass rules for 5 external networks using large masks and two internal networks

4/. set up DoS bypass for incoming traffic, no positive effect.

So, the question is how do I exclude 4 devices from DoS protection or in the worst case the entire IoT network?

Ian



This thread was automatically locked due to age.
  • FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Here is a reference article to configure the DoS bypass rule.

    support.sophos.com/.../KB-000035751

    Could you please share a snapshot of the bypass rules which you've configured for cameras?

  • Hi Yash,

    I conducted an experiment today to test the DoS UDP issue on my test firewall, which is a very slow Celeron-based device. The whole exercise took over 2 hours to get the device online and updated. It was using v18.0.3 MR3 when I ran the tests.

    Results

    1/. using the original configuration on the test XG the security cameras worked, connected and stayed online.

    2/. upgraded to v18.0.5 MR-5 (586), the cameras failed to either connect or stay connected.

    3/. the DoS UDP count increased and logviewer filled with junk

    4/. disable DOS UDP and security cameras connected and stayed connected

    5/. changing the DoS UDP settings broke my VoIP phone which started behaving like the security cameras, connect then drop the connection.

    6/. this was not an enjoyable experience because the main XG failed to come online after the WAN connect was restored and required to be power cycled a number of times to get it to work satisfactorily.

    Summary.

    Some changes to v18.0.5 MR-5 586, while partially fixing a NAT issue I have, broke the DoS scanning functions.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

