This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG550 DoS settings

Hello,

I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4).

I wanted to enable DoS protection on it, so i setup a netflow server to send all netflow data to it so i could estimate the needed packet rates. And after a week i had a good baseline of data to start testing the feature.

But the issue is that Sophos does not allow to input anything above 600000 in the source or destination fields and gives out an error message: "You must enter a value between 1 and 600000 packets/minute for "Packets rate""

To me this does not make any sense, because i have legitimate user/server traffic that easily tops 600000 packets/minute even if i create bypass rules to allow my internal networks to bypass dos settings to any destination.

And furthermore, for a device like the XG550 where the datasheet states it can handle 213,800 new connections a second 600k a minute is nothing.

Does maybe anyone have a workaround for this? Or maybe a timeline from Sophos when this packet limit could be raised?

Thank you.

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 1 year ago +1

We discussed this feature here: https://community.sophos.com/sophos-xg-firewall/f/discussions/135414/vpn-slow---intrusion-prevention-dos---udp-flood/500616#500616 The question is, if you want to go down…

0 LuCar Toni over 1 year ago

We discussed this feature here: https://community.sophos.com/sophos-xg-firewall/f/discussions/135414/vpn-slow---intrusion-prevention-dos---udp-flood/500616#500616

The question is, if you want to go down this road for the minimal benefits.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 LM HD OneIT over 1 year ago in reply to LuCar Toni

Yes, i actually would want to do that. And the reason is that, sure volumetric DDoS attacks should be mitigated upstream, but typical IP flooding can just be done directly on the firewall, because the traffic amount is relatively small, but the packet count on the other hand is large.
The question now arises is, why add a feature that in essence does not work on the higher end models?
Cancel
Vote Up 0 Vote Down

Cancel
0 LM HD OneIT over 1 year ago in reply to LM HD OneIT

So, no answer from Sophos?
I'm just puzzled by the fact that a feature is released, licensed and then implemented in a manner that is is basically unusable for the higher end devices.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 1 year ago in reply to LM HD OneIT

This community forum is not monitored by Product Management. You should contact your Sophos Partner/Sales Engineer to discuss this further.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel