This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PSD V4.x vs. V5.x Question

When I do a portscan (with NMAP/grc.com/scan.sygate.com) on a ASL-box V4.x I get an e-mail that there was a portscan and all packets were dropped. In V5(.006) I do the same thing and I don't receive an e-mail and it seems that de packets are not dropped !!!
Proberly I have to change some settings in IPS (I think). Could someone help me with this....?
IPS>Advanced>Policy is set to 'terminate connection' and exclusions is set to 'none'.

This thread was automatically locked due to age.

0 alasc over 21 years ago

Hello,

I just made the same experience with 5.006...
Anyone who can tell about that ?

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 Stephan_Scholz over 21 years ago

The Intrusion Protection System examines the traffic after the packet filter rules have been applied. This way only those packets are actually passed through the IPS that are allowed by the packet filter. The benefit of this is that you will get rid of a lot of false alarms. It does not make sense to give packets to the IPS that are being dropped anyway. However, a portscan may get away undetected, if it primarily scans the services that are being dropped by the packet filter.

Regards,
Stephan
Cancel
Vote Up 0 Vote Down

Cancel