This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is IPS even working?

I'm a bit concerned....
I have two firewall rules, which allow internet access:
- LAN to WAN
- DMZ to WAN
And I assigned those two IPS-rules to the firewall rules:
- LAN TO WAN
- DMZ TO WAN

As I have read here in the forum, the rules also affect the traffic in the other way, so in this case:
- WAN to LAN
- WAN to DMZ

Now I created a test machine in my DMZ and made a DNAT to this for port 1111 to port 80 on the machine. And for RDP. (For those business rules I also attached the IPS rules)
Now I tested port scanning, multiple Metasploit exploits for RDP and apache.
But the XG isn't showing any attacks, neither in the reports nor in the dashboard.

What am I doing wrong??

Thanks for your help in advance and greetings
Luca

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 7 years ago

Hi,

have you ticked the boxes in the IPS page to enable the IPS functions?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 lucakuehne over 7 years ago in reply to rfcat_vk

Hi Ian

I think you're talking about the checkboxes for the DOS protection, aren't you?

But I'm not talking about the DOS protection really, but more of the IPS.
In my understanding, if I'm trying to attack a network with exploits, then this isn't prevented by the DOS-protection in most cases.

Or did I get you wrong or missunderstood something else?

Luca
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lucakuehne over 7 years ago in reply to rfcat_vk

Hi Ian

I think you're talking about the checkboxes for the DOS protection, aren't you?

But I'm not talking about the DOS protection really, but more of the IPS.
In my understanding, if I'm trying to attack a network with exploits, then this isn't prevented by the DOS-protection in most cases.

Or did I get you wrong or missunderstood something else?

Luca
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data