Sophos Intrusion Prevention

Hi

 

At the moment I have no flags on the TCP and UDP Flood Protection. It seems the average packet size I've researched has little effect when flagged as I have dropped packets galore after setting these values, and then flagging them.

I have the following settings:

SYN Flood 12000/100 - FLAGGED - 12000/100 - FLAGGED

UDP Flood 12000/100 - NOT FLAGGED - 18000/100 - FLAGGED

TCP Flood 12000/1500 - NOT FLAGGED - 12000/1500 - NOT FLAGGED

ICMP/ICMPv6 Flood 1200/100 - FLAGGED - 300/100 FLAGGED

Dropped Source Routed Packets - FLAGGED

Disable ICMP/ICMPv6 Redirect Packet - FLAGGED

ARP Hardening - NOT FLAGGED

 

Any help would be appreciated as I feel a bit vulnerable at the moment and am new to Sophos and NGFWs in general!



  • Hi,

    Not sure what your issue is? Please explain exactly what you want help with.

    What rule are you using and what IPS rule is part of each firewall rule?

    What you are seeing could be simply a firewall rule incorrectly configured?

    We need more information before we can help.

     

    Ian

  • Hi Samuel,

    You may refer to our administration guide and set the settings as per your requirements.

    SYN Flood 1200/100 - FLAGGED - 1200/100 - FLAGGED

    UDP Flood 5000/100 - FLAGGED - 5000/100 - FLAGGED

    TCP Flood 12000/1500 - NOT FLAGGED - 12000/1500 - NOT FLAGGED

    ICMP/ICMPv6 Flood 1200/100 - FLAGGED - 300/100 FLAGGED

    Dropped Source Routed Packets - FLAGGED

    Disable ICMP/ICMPv6 Redirect Packet - FLAGGED

    ARP Hardening - NOT FLAGGED