Hi guys, so ... I'm new to the whole XG thing, got it at home for testing so I can do pretty much anything I want on it ...
Question.
To protect clients from common attacks via IPS signature protection, I checked out the rules ...
I proceeded to create a new IPS Policy, cloning it from the default LAN TO WAN policy.
Question is this ... By going through the guide, Sophos states that it's better to create tailored policies and not use all signatures, to avoid delay in packets processing time. All fair.
Then the rule I see in their default is like this: https://i.imgur.com/slBPeZu.png
Last 3 subsets are defined as follows:
Category = All Categories
Severity = All Severity
Platform = Windows
Target = Client
Then
Category = All Categories
Severity = All Severity
Platform = Linux
Target = Client
And finally last one
Category = All Categories
Severity = All Severity
Platform = All Platform
Target = Client
Question is ... Isn't this last rule basically 'catching all' and re-checking signatures that have possibly already been checked? It's not filtered down by OS as the previous two rules so ... ? Having this last one, should be considered encompassing the two previous ones, or am I missing something?
Thanks in advance guys