
Sophos IPS (IDP) anti dos/intflooding, best practice for RED and IPSEC

We have multiple Sophos UTMs in an IPSEC-connected environment and are running RED on several of these. I am configuring the Intrusion Prevention on my Sophos.

I have anti-dos / flooding activated on all Sophos UTM using the standard values.

 

If the specific network is NOT in the global IPS settings list, will the anti-dos and flooding still work or is this functionality dependent on the global IPS settings entry?

 

Therefore:

Do you add the IPSEC networks to the exceptions? (depending if adding to the global IPS list at all)

Do you add the RED network to the exceptions? (depending if adding to the global IPS list at all)

 

My opinion: Adding the full RED or IPSEC interface/network to the IPS list and then excluding it again makes no sense. Rather leave it out or let it scan. Your opinion?


