Hi guys
I have seen some other posts before on this but they don't seem to explain why its important to have IPS turned on the LAN->WAN rule or the scenarios that it protects against.
I have heard conflicting reports - some Sophos experts saying (i) you don't need it on the LAN to WAN and its used more so for WAN->LAN (if say you were hosting a web server onsite that is publicly accessible) and (ii) in some cases IPS is used on policies for traffic going from EndUserLAN zone to ServerLAN zone.
Can anyone provide any detail on why having it on the LAN-WAN is important - and provide an example of what is it trying to prevent when enabled?
For example - maybe in the outbound traffic from end users machine the IPS is used typically to block an attack launched outbound from the client premises to public domains by a virus internally?
This thread was automatically locked due to age.