Built-in IPS policies: Differences?

Because the online help is pretty useless regarding this question:

What is the difference between the policies on top and the last ones (in small letters)?
Which are better? Why double built-in?



This thread was automatically locked due to age.
  • Essentially: The first ones are locked in and managed by Sophos.
    The others are free to design: They have ALL rules included, but can be modified if you want to.

    Or you build your own rule set. By clicking on the other policies, you see which patterns are loaded.

  • I used the Sophos managed policies for years and never looked deeper into them.

    Why are there different sub-settings like "browsers", "OS", "windows", "linux" when the last policy "All Clients" would catch any of the above?
    Is that because of some kind of "speed optimizations"?

    The main difference between LAN and DMZ is client vs. server.
    Would it be a very bad idea to create a new IPS policy where no filters are configured at all?
    Like this:

    All Systems
    All

    Category = All categories

    Recommended

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • Hi,

    The sub-settings allow you to create a smaller footprint in memory by removing items you do not have on your network. The UTM used to save large amounts of memory with fine-tuning; it does not seem to have the same effect on the XG.

    Why would you create an IPS policy with no entries?

    ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • No, not with no entries, but only with one.

    Like LAN to WAN and DMZ to WAN which at the end (last rule) include any for clients (L2W) or any for servers (D2W).
    My goal would be a mixture of both policies, so not limiting the ruleset to clients or servers.

    On UTM the IPS configuration (OS, applications, timeframe etc.) had an impact on the sum of rules that will apply.
    I wonder if that is no issue on the Sophos Firewall, since the template rules automatically include everything.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner