Many IPS alerts

FormerMember

Good morning everybody!

I have many IPS alerts, is that normal?

And not all of the victims' IPs are in my network!

I use the standard LAN_TO_WAN IPS policy!

  • Hi Meghan,

    Make sure you don't have SSH and HTTPS access open for the WAN zone in Administration | Device Access. It is recommended to uncheck these access options on the XG when they are not used.

    Alongside that, verify that the IPS patterns are up to date. This is also caused when you have hosted a server through DNAT and external attempts to access these servers are blocked by the XG.

    Thanks

  • FormerMember in reply to sachingurung

    Hi Sachin,

    SSH and HTTPS access is already closed.

    I haven't got any server, only 3 clients in the LAN, and I haven't got any DMZ.

    IPS signatures are already up to date.

    So why are there so many intrusion attempts?

    Regards Meghan

  • Hi Meghan, 

    You may need to check the packet capture for the destination address in the intrusion list. You may find that your local host accesses some sites that have such a vulnerability due to an outdated web server. This does not indicate that your system is compromised; you may need to investigate which URL or sites your host accessed, and the reply from the server is logged by the IPS policy.
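
Added example, not part of the original thread and not Sophos code: a small triage script for the check described in the last reply. It sorts alerts by whether each endpoint is inside the LAN and lists the (client, destination, signature) tuples worth pulling from a packet capture. The key=value field names, the sample lines and the 192.168.1.0/24 LAN range are constructed assumptions, not a Sophos log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts; field names are assumptions, not a vendor format.
SAMPLE_ALERTS = """\
src_ip=192.168.1.10 dst_ip=203.0.113.5 signature="constructed-sig-A"
src_ip=203.0.113.5 dst_ip=192.168.1.10 signature="constructed-sig-B"
src_ip=192.168.1.11 dst_ip=198.51.100.7 signature="constructed-sig-A"
src_ip=198.51.100.9 dst_ip=203.0.113.80 signature="constructed-sig-C"
src_ip=192.168.1.10 dst_ip=203.0.113.5 signature="constructed-sig-A"
malformed line without fields
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def direction(src, dst, lan):
    """Classify an alert by which endpoint sits inside the LAN."""
    s, d = src in lan, dst in lan
    if s and not d:
        return "lan_to_external"   # victim outside the LAN: a client's own browsing
    if d and not s:
        return "external_to_lan"   # unsolicited or reply traffic aimed at a client
    return "lan_to_lan" if s else "no_lan_endpoint"


def triage(text, lan_cidr):
    """Return (direction counts, capture targets, skipped line count)."""
    lan = ipaddress.ip_network(lan_cidr)
    directions, targets, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = {k: (q or u) for k, q, u in KV.findall(line)}
        try:
            src = ipaddress.ip_address(fields["src_ip"])
            dst = ipaddress.ip_address(fields["dst_ip"])
        except (KeyError, ValueError):
            skipped += 1           # count unparseable lines instead of hiding them
            continue
        kind = direction(src, dst, lan)
        directions[kind] += 1
        if kind == "lan_to_external":
            targets[(str(src), str(dst), fields.get("signature", "?"))] += 1
    return directions, targets, skipped


if __name__ == "__main__":
    dirs, targets, skipped = triage(SAMPLE_ALERTS, "192.168.1.0/24")
    print(dict(dirs), "skipped:", skipped)
    for (client, dest, sig), n in targets.most_common():
        print(f"{n}x {client} -> {dest} [{sig}]")
```

Alerts in the `no_lan_endpoint` bucket have neither address in the configured range, which usually means the LAN range passed in is incomplete or the log shows post-NAT addresses.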
