Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto-Block an ip that trigger IPS ?

MattBowles

Looking to mitigate potential attackers in an efficient way. I got a report weekly that i review and the IPS events can be anywhere from 0-5K intrusions attacks logged. Most of this is port scanning and I want to stop it. 

I'm assuming the answer is "No" but I am never 100% sure. Is there a way to have a Sophos XG block an IP if it triggers an IPS event?



This thread was automatically locked due to age.
  • 0

    I think the answer is "No".

    Is this port scanning of internal servers to which you're forwarding all ports, or is this port scanning of your firewall? The former seems like restricting what's forwarded would stop scanning at the firewall, and the latter is stopped automatically as invalid appliance access at the firewall both of which are as efficient as blocking the IP. Is the issue the size of IPS log reports or perceived efficiency of blocking certain IPs?

    I'm thinking that auto-blocking particular IP's could cause more trouble than it's worth in an era of cloud computing.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?