I've been reading through the docs for IPS (at least, the docs I've found so far), and I have a few questions. Does the default IPS ruleset actually block Peer-to-Peer traffic from getting to the Internet, or does it just block exploits for known vulnerabilities in P2P clients? If it just blocks the exploit stuff, is it possible to create rules to block my users from P2p nets (even a little would help)? is there a website with a list of current rules?
I'm currently using ASL 5.206 on a 933 MHz P3 to firewall our network of around 500 computers (we're a small college in the woods...). Needless to say, I don't have it set to do much more than block ports and IP addresses through the packet filter (no AV, no content filter, no IPS, no proxies other than HTTP). It's doing fine in that simple role, but the students are really banging our T1's with heavy traffic from their dorm-room computers, and I'm looking for a way to block out the P2P stuff.
I guess if the IPS really CAN cut it down, I'll probably need newer, faster hardware before I turn it on. Any suggestions? Will dual procs help? Would AMD be better than Intel? (I realize that's almost a religious war).
Any suggestions are greatly appreciated.
David Doster
This thread was automatically locked due to age.