We have multiple Sophos UTMs in an IPSEC-connected environment and are running RED on several of these. I am configuring the Intrusion Prevention on my Sophos.
RED
Do you consider networks that are connected using RED as "local" or as "remote"?
Therefore, do you suggest adding those networks in the "Global IPS Settings" on the firewall?
My opinion: As the REDs are only connected to one "hub", the only way to perform IPS on the clients in the RED network is to activate IPS on that interface.
IPSEC
Do you consider networks that are connected using IPSEC Tunnel as "local" or as "remote"?
Therefore, do you suggest adding those networks in the "Global IPS Settings" on the firewall (I mean on both IDP configs on each site)?
My opinion: As the REDs are only connected to one "hub", the only way to perform IPS on the clients in the RED network is to activate IPS on that interface.
The IPSEC tunnel has two UTMs/endpoints; using IPS on both IPSEC endpoints would simply double the overhead, so I suggest only using it on the central, powerful UTM. Correct?