I get thousands of these alerts every time I use https://www.speedtest.net/
Does it make sense? How can I disable it or fix the issue?
I have applied this solution
https://community.sophos.com/kb/en-us/133096
Now not only do I not get those alerts, I also have full speed on upload, 300Mbps; with this setting enabled I got around 260 Mbps and thousands of alerts.
One last question: should I place IPS rules on the port forwarding rule (business application rule) of a server, or in the allow LAN->WAN rule of the server? Or in both?
This depends on how much you want to protect. For sure any incoming rule from WAN or other insecure networks should use IPS.
Also your LAN should at least use some rules outgoing to WAN (Protect as minimum especially webservices/Browsers & Plugins against zero days).
More IPS usage == more security == more performance penalty.
I personally use everywhere tuned IPS policies per firewall rule specific to protected assets (NAS, Windows Clients, Linux Clients, IoT....) also between internal network segments at least a base protection. As long as I do not depend on linespeeds at least....
And I use an XG125... surely not the performance beast, but with some tuning perfectly OK for my usage on my 250/25 WAN link and my internal network segments...
/Sascha
So I should use Target=Server rules for WAN to LAN FW rules and Target=Client for LAN to WAN FW rules?
This would be the starting point and then filter by technology or whatever, right?
That's basically correct.
Clients use Client rules to protect their software such as browsers, IM and Office applications etc.; servers use rules to protect their services such as DNS, Web Services, RDP etc. which are accessible via the network.
It's not completely black and white... servers also have some outgoing connections where they act as "client", and clients can also provide accessible services such as SMB, RDP, WMI etc.
But a good start is as mentioned in the first sentence.
SaschaParis I can't find any documentation regarding this command
system application_classification on/off/show
Can we get more information about it?
FloSupport Can I get additional information regarding this firewall feature that is not documented anywhere?
system application_classification on/off/show
OK, the mentioned microapp discovery is a different story. This is mainly used for further sub-classifying "apps" within web applications such as Facebook (chat, mail, post etc.)
The global application classification is for all apps, not only the http/https ones. I don't know why cloud apps are still recognized (if there's no app rule in place at all, policy set to "none", and not "allow all"). Maybe this is collected differently to normal app control. I didn't try it....
Could you clarify this internally? Maybe it is a bug or something not properly implemented.