This discussion has been locked.

IPS DoS attack policies

Hello,

When I enable the IPS DoS policies (TCP Flood, UDP Flood, SYN Flood), I can't access the admin portal of the Sophos XG Firewall, and user browsing stops. I need your help.

 

Thanks

Habib



  • Hello

    You only have to enable DoS for SYN, UDP and ICMP. TCP flood should be enabled only during debugging.

     

    For SYN and UDP flood:

    Packet/Min: 1200 

    Packet/Sec: 200

     

    P.S. If you are using any TS, kindly increase SYN flood to 12000-500; else you can add the TS in a DoS bypass rule.

     

    ICMP flood: 200

     

    Regards, Ronak.

  • Hi Ronak,

    you are suggesting dropping the Packet/Min to 1200 from 12000 which is the XG default?

    Ian

  • Hi Ian,

     

    Yes, I agree the Sophos default value is 12000. But you can always fine-tune the settings. In an ideal scenario, when a user (standalone PC and not Terminal Server) browses a site like Facebook, LinkedIn or MSN, the max SYN packets are 10-15/sec, followed by all TCP packets.

     

    In the case of UDP applications like VoIP, VPN, etc., you will have to increase UDP flood to 12000+ or add a DoS bypass rule.

     

    Regards, Ronak.

      
