Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 9361 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS policies - best practice.

dark moon

Hi there.

I've recently moved from Sophos UTM 9.4 (home) to Sophos XG (home) and trying to tweak the settings for my own setup.

I have a QNAP NAS on my lan and it is setup for various things, but mainly as a Web Server. I have setup they correct Firewall rule, but was wondering should I tweak the IPS Policies by creating a clone of "WAN TO LAN" and adjust the Signature Filter Criteria to just have signatures just for the NAS.

The NAS is a Linux Box, with Apache, PHP, MariaDB, FTP. Or should I just leave the Setting to "WAN TO LAN"

Thanks for any help.



This thread was automatically locked due to age.
  • +1

    Dark,

    I would advise you to clone WAN to LAN IPS policy rules and create a custom one where only the needed signature will be used. More granularity, increased speed.

    Of course you have to know all the time exactly the application you are publishing.

    Thanks

  • +1 in reply to lferrara

    Hello Dark,

    In addition to what Luk has adviced, please remember to cancel(strike out) and not to select any policy that you wouldnt need for your application. 

    IPS is processor and resource hungry module and you can easily degrade the throughput if the policy is not well designed. 

    Once done with that, hit up "help" on the appliance and then go to console "ips settings". There are advanced options there if you'd like to take a look and configure them just in case.

    Regards,