IPS DoS attack policies

Hello Habib Yaqubi

You only have to enable DoS for Sync, UDP and ICMP. TCP flood should be enabled only during debugging.

For Syn and UDP flood.

Packet/Min: 1200 

Packet/Sec: 200

P.S. if you are using any TS, kindly increase Syn flood to 12000-500 else you can add TS in DoS bypass Rule.

ICMP flood. 200

Regards, Ronak.

Hello Ronak,

I have enabled SYN Flood, UDP Flood and ICMP Flood on Source and Destination, but i am unable to access admin portal of Sophos xg plus internet browsing stop working in client machines.

Regard's

Habib

Hello Ronak,

I have enabled SYN Flood, UDP Flood and ICMP Flood on Source and Destination, but i am unable to access admin portal of Sophos xg plus internet browsing stop working in client machines.

Regard's

Habib

Hello Habib Yaqubi,

For SYN, UDP and ICMP you only have to enable on Source.

Regards, Ronak.

Hello Ronak,

 Thank you for the below instructions, I have serious problem with Connection Sessions in Sophos XG Firewall, Let me first describe the our network layout, we have place Sophos Xg Firewall in front of Cisco ASA Firewall, in Cisco ASA Firewall we have limit the connection session of WAN IP of Sophos to 2000 session. but unfortunately we are facing the connection session exceed more than 2000, internet browsing will stop working till we clear the session from cisco ASA firewall, now we increased the session to 30000 which is very risky, it also being full. i don't know what is going on. i need to troubleshoot the issue, if you have any idea please let me know.

Regard's

Habib

Hi,

2000 sessions seems a very small number, you really need to be running at least 20,000. Those figures also depend on the number of clients connecting.

Ian