This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS / Rules Question

Hey All,

I'm running V.6 on an Astaro 220 Security Gateway and had a question or two:

After searching through the IPS rules, I noticed that some application such as P2P clients (Gnutella, Napster, etc.) are being ALLOWED through the gateway.

My question is, if these clients are indeed being allowed to function, how can we (the administrators) track which computers (users) are using these clients?

Question 2:

In the IPS rules section of the Gateway, I've noticed that most traffic is "enabled" and that rules (notifications) have been disabled.
Is going through each rule and turning each rule off and on the best bet here? What's the best way to deal with the IPS rules so that your network is safe and secure from intrusions and such?

Thanks very much!

Best,

Kristian D.
FFI, Inc.

This thread was automatically locked due to age.

0 BarryG over 18 years ago

My question is, if these clients are indeed being allowed to function, how can we (the administrators) track which computers (users) are using these clients?

You might want to look at the network accounting reports. Depending on how many users there are, you'll probably see the traffic there.

Re #2:
The IPS on 6.x is setup pretty well... If you know you have vulnerable applications on your LAN, you can double-check those rules, but turning on everything may result in a performance hit, depending on how much bandwidth is passing, etc.

Barry
Cancel
Vote Up 0 Vote Down

Cancel