Found a post from over 10 years ago, so thought I'd ask and get a more up-to-date reply!
I get alerts from the IPS saying it blocked an attack. I add the IP (if it's the same one repeatedly) to Network Protection/Firewall to drop from that IP, Any service, Any Destination. I even put the country in the Country Blocking list (From).
I still get IPS notifications from this IP.
Is IPS processing done before the Firewall processing?
Thanks, James.
Hello jlbrown,
Thank you for reaching out to the community. If a packet is accepted by the firewall, it is directed to the IPS & Application filter. It interfaces with the IPS & Application filter for forwarded and proxy traffic.
Thanks & Regards,
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience