Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions DDOS protection explained

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 42 subscribers
Views 5390 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DDOS protection explained

Regex over 2 years ago

Can anyone explain what Sophos meant when designing this menu?

My experience comes from fortigate where most of options are logically ordered and described, but here im out of any

How should i interprete it ?

PIC 1 seems logical;

Pic 2 SOPHOS

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 2 years ago +1

DDOS is potentially flawed in all products anyway. What should be the benefit in tracking the amount of data and limiting it? You cannot deal with a DDOS attack, which is potentially destributed between…

Parents

0 rfcat_vk over 2 years ago

Hi,

basically what you are showing is two different approaches to the same subject.

On the Sophos you would setup as firewall rule at the top of your firewall rule list using the country as the source network inn the WAN zone and then point the rule at a deadend NAT which points at a none existent IP address. There is a KBA on how to setup deadend NAT .

Most recommendations are to leave the Sophos DDOS settings disabled except for the ICMP redirect and source routed packets.

Ian

XG115W - v20.0.3 MR-3 - Home

XGS118 waiting for licence to arrive - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 2 years ago

Hi,

basically what you are showing is two different approaches to the same subject.

On the Sophos you would setup as firewall rule at the top of your firewall rule list using the country as the source network inn the WAN zone and then point the rule at a deadend NAT which points at a none existent IP address. There is a KBA on how to setup deadend NAT .

Most recommendations are to leave the Sophos DDOS settings disabled except for the ICMP redirect and source routed packets.

Ian

XG115W - v20.0.3 MR-3 - Home

XGS118 waiting for licence to arrive - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data