Disable Stateful Inspection

Is there any way to make certain policies stateless rather than stateful?

Yes we know what it means and the reasons behind both, so not looking for lectures or an opinion. Just a yes or a no.

Please advise, thank you.



This thread was automatically locked due to age.
  • We've been through it all. The 650, 625, 450, etc.

    It's all the same issue.

  • These are old but one of MANY DOZENS of DIFFERENT types of errors found in kernel logs. Honestly, we eventually stopped trying to go after each and every one because support wasn't adequate. Example:

    2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 1 sessions from cache for memcap. 11340 scbs remain. memcap: 8387435/8388608
    2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 2 sessions from cache for memcap. 11338 scbs remain. memcap: 8387442/8388608
    2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 1 sessions from cache for memcap. 11337 scbs remain. memcap: 8387228/8388608
    2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 5 sessions from cache for memcap. 11333 scbs remain. memcap: 8388621/8388608
    2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 5 sessions from cache for memcap. 11328 scbs remain. memcap: 8389773/8388608

     

     

    Most issues however were to do with 'conntrack' errors. As mentioned, a 10MBPs flood can cause many issues.
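
As an added example (not part of the original thread and not Sophos code), this Python sketch parses Stream5 memcap-prune lines like those quoted above and flags the seconds in which repeated pruning coincided with a full session cache. Reading the trailing `memcap:` pair as bytes in use over the configured cap is an assumption, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the five IPS log lines quoted in the post above.
SAMPLE = """\
2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 1 sessions from cache for memcap. 11340 scbs remain. memcap: 8387435/8388608
2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 2 sessions from cache for memcap. 11338 scbs remain. memcap: 8387442/8388608
2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 1 sessions from cache for memcap. 11337 scbs remain. memcap: 8387228/8388608
2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 5 sessions from cache for memcap. 11333 scbs remain. memcap: 8388621/8388608
2015:07:20-02:29:13 asg1 snort_5069_: S5: Pruned 5 sessions from cache for memcap. 11328 scbs remain. memcap: 8389773/8388608
"""

# Assumption: the trailing "memcap: A/B" pair is bytes in use / configured cap.
PRUNE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) snort[^:\s]*: "
    r"S5: Pruned (?P<pruned>\d+) sessions from cache for memcap\. "
    r"(?P<scbs>\d+) scbs remain\. memcap: (?P<used>\d+)/(?P<cap>\d+)$"
)

def summarize(text):
    """Aggregate memcap prune events per (host, second); skip unrelated lines."""
    stats = defaultdict(lambda: {"events": 0, "pruned": 0, "peak_used": 0,
                                 "cap": 0, "over_cap": 0, "min_scbs": None})
    for line in text.splitlines():
        m = PRUNE_RE.match(line.strip())
        if m is None:
            continue
        s = stats[(m["host"], m["ts"])]
        used, cap, scbs = int(m["used"]), int(m["cap"]), int(m["scbs"])
        s["events"] += 1
        s["pruned"] += int(m["pruned"])
        s["peak_used"] = max(s["peak_used"], used)
        s["cap"] = cap
        s["over_cap"] += int(used > cap)  # events logged while above the cap
        s["min_scbs"] = scbs if s["min_scbs"] is None else min(s["min_scbs"], scbs)
    return dict(stats)

def saturated(stats, min_events=3, min_fill=0.99):
    """Return (host, second) keys where repeated pruning met a near-full cache."""
    return sorted(k for k, s in stats.items()
                  if s["events"] >= min_events and s["cap"]
                  and s["peak_used"] / s["cap"] >= min_fill)

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key in saturated(result):
        s = result[key]
        print(key, f"pruned={s['pruned']} peak={s['peak_used']}/{s['cap']} over_cap={s['over_cap']}")
```
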

  • Matt, what does your Sophos reseller Partner say about this?  Did they create the support case with Sophos or did you?

    The log you just showed is from IPS and is not the system log.  Do you have a recent example of relevant lines in the system and fallback logs?

    Cheers - Bob

  • Maybe we should have you as our partner.


    They don't have a damn clue. Once it got past sales, it's like they have no clue whatsoever.

    Unfortunately, there have been a few issues over the last few months, but I didn't save the logs. Next time it comes up I'll post it here. We bought the Arbor device to place in front of Sophos to protect us, which does the bulk of the job. However, if we remove that I know we'd have issues almost on a daily basis. I can't disable them since it's on the production environment.

    Now it's just that once-in-a-blue-moon time where the Sophos becomes the bottleneck. Got a direct contact? If you do partner support / consulting we'll be glad to pay.

  • I created the support case but all the support tickets are not accessible for some reason. Thus I cannot get the info from them.

  • Thanks for the invitation, Matt - you have a PM.

    Cheers - Bob