This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop or reject

Hi,

I have a DNAT with blackhole IP and FW rule that Drop connections from some bed IP address, now when check the firewall logs I can see from one of those IPs has almost 200000 Drop packages,Tthis is good news, but this means that our UTM still must process the incoming packages from this bed IP and I think this will use valuable resources of the device.

If we use reject instead of Drop at the FW rule, does the UTM still will process the incoming connections from these IPs? or it will just rejrct them without process anything?

Thanks



This thread was automatically locked due to age.
Parents
  • For the IP with 200000 dropped packets, do you see a reduction in the load if you add an Exception to Intrusion Prevention?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • For the IP with 200000 dropped packets, do you see a reduction in the load if you add an Exception to Intrusion Prevention?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data