How to disable IPS for LAN->VPN traffic?

Hi!

Does anyone know if I can completely disable IPS for LAN->VPN traffic? I'm running a network monitoring tool which pings a few dozen hosts inside my LAN, and the XG somehow identifies this as a network attack / intrusion, resulting in about 1000 "reconnaissance" and related ICMP attacks a day.

If I take a look at the statistics, it clearly states that the "attackers" as well as the "victims" are either LAN->VPN or VPN->LAN.

My firewall rules for this kind of traffic (LAN->VPN, VPN->LAN and even VPN<->VPN) don't use any intrusion prevention template...

Thanks for any help!



  • I suspect you are not running into an IPS template in the sense that you have not attached a policy to the rule; however, the IPS Engine is also used to monitor for DoS attacks.

    There are a few options here but your main options are

    - adjust the ICMP/ICMPv6 Flood detection settings so that your network monitoring tool does not trip the DoS Protection

    - it might be you are not hitting the rate monitoring but being caught out by one of the other DoS Protection features such as Disable ICMP/ICMPv6 Redirect Packet or Dropped Source Routed Packets

    - you also have the option of creating a DoS Bypass Rule for your network monitoring tool

    These settings can be found under System > System Services > DoS & Spoof Protection

    Check the Log Files to see if they give you more information about the events.

  • Thanks for that. I was just too blind to see the DoS Bypass Rules. I've now created rules for every combination of my LAN<->VPN<->LAN networks and I guess that's fine.
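The reply above suggests checking the log files before deciding between raising the ICMP flood threshold and adding a DoS bypass rule. The script below is an added triage example, not Sophos code and not from either poster: it reads flood events, groups them by source, reports the peak events per second (to compare against the flood threshold) and the zone pairs involved (to scope a bypass rule), and flags any source that is not the monitoring tool or one of its ping targets. The `key=value` log layout and the sample lines are constructed assumptions; the real XG log format differs, so the regular expression must be adapted before use.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events in an ASSUMED key=value layout (not real XG log output).
# 10.0.0.5 plays the monitoring host; 10.8.0.x are VPN targets answering its pings;
# 203.0.113.7 is an unrelated source that should not be covered by a bypass rule.
SAMPLE_LOG = """\
2024-01-01 10:00:00 event=icmp_flood src_zone=LAN dst_zone=VPN src_ip=10.0.0.5 dst_ip=10.8.0.12
2024-01-01 10:00:00 event=icmp_flood src_zone=LAN dst_zone=VPN src_ip=10.0.0.5 dst_ip=10.8.0.13
2024-01-01 10:00:00 event=icmp_flood src_zone=LAN dst_zone=VPN src_ip=10.0.0.5 dst_ip=10.8.0.14
2024-01-01 10:00:01 event=icmp_flood src_zone=LAN dst_zone=VPN src_ip=10.0.0.5 dst_ip=10.8.0.15
2024-01-01 10:00:01 event=icmp_flood src_zone=VPN dst_zone=LAN src_ip=10.8.0.12 dst_ip=10.0.0.5
2024-01-01 10:00:05 event=icmp_flood src_zone=WAN dst_zone=LAN src_ip=203.0.113.7 dst_ip=10.0.0.9
not a log line at all
"""

# Assumed field layout; replace with a pattern matching your firewall's actual log lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) event=(?P<event>\S+) "
    r"src_zone=(?P<src_zone>\S+) dst_zone=(?P<dst_zone>\S+) "
    r"src_ip=(?P<src_ip>\S+) dst_ip=(?P<dst_ip>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text, monitor_hosts):
    """Group flood events by source IP and classify each source.

    monitor_hosts: set of IPs belonging to the monitoring tool. An event whose
    source OR destination is a monitoring host is one of the tool's pings or an
    echo reply to it (the LAN->VPN and VPN->LAN pairs seen in the thread).
    Verdicts: 'monitoring-related' if every event from that source involves the
    tool, 'review' if none does, 'mixed' otherwise.
    """
    per_src = defaultdict(
        lambda: {"count": 0, "related": 0, "zones": set(), "per_second": Counter()}
    )
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:  # skip malformed or unrelated lines instead of crashing
            continue
        rec = per_src[ev["src_ip"]]
        rec["count"] += 1
        if ev["src_ip"] in monitor_hosts or ev["dst_ip"] in monitor_hosts:
            rec["related"] += 1
        rec["zones"].add(f'{ev["src_zone"]}->{ev["dst_zone"]}')
        rec["per_second"][ev["ts"]] += 1  # events sharing a timestamp = rate per second

    summary = {}
    for src, rec in per_src.items():
        if rec["related"] == rec["count"]:
            verdict = "monitoring-related"
        elif rec["related"] == 0:
            verdict = "review"
        else:
            verdict = "mixed"
        summary[src] = {
            "count": rec["count"],
            "peak_per_second": max(rec["per_second"].values()),
            "zones": sorted(rec["zones"]),
            "verdict": verdict,
        }
    return summary


def report(summary):
    """Render the summary as one line per source, busiest source first."""
    rows = []
    for src, info in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        rows.append(
            f'{src:<15} events={info["count"]:<4} peak/s={info["peak_per_second"]:<3} '
            f'zones={",".join(info["zones"])} verdict={info["verdict"]}'
        )
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG, {"10.0.0.5"})))
```

The `peak/s` column is the number to hold against the ICMP flood setting: if the monitoring host's burst sits above the configured rate, either the threshold goes up or the host gets a bypass rule. The `zones` column shows which zone pairs that rule must cover, and any source with a `review` verdict is traffic the bypass should deliberately leave alone.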
