This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop or reject

Hi,

I have a DNAT with blackhole IP and FW rule that Drop connections from some bed IP address, now when check the firewall logs I can see from one of those IPs has almost 200000 Drop packages,Tthis is good news, but this means that our UTM still must process the incoming packages from this bed IP and I think this will use valuable resources of the device.

If we use reject instead of Drop at the FW rule, does the UTM still will process the incoming connections from these IPs? or it will just rejrct them without process anything?

Thanks

This thread was automatically locked due to age.

Parents

0 BAlfson over 6 years ago

For the IP with 200000 dropped packets, do you see a reduction in the load if you add an Exception to Intrusion Prevention?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 6 years ago

For the IP with 200000 dropped packets, do you see a reduction in the load if you add an Exception to Intrusion Prevention?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data