This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS and Packet filters

I'm sure this has been asked a hundred times, but I can't seem to find a conclusive answer.

If I have a local machine that is made public via an Additional Address, Packet Filters (Allow ALL) and a DNAT (Allow ALL), does the IPS still run on the packets transmitted to this local machine?

What I am trying to accomplish is to effectively make the local machine act as though it is in the DMZ but with IPS still defending it against attacks.

This thread was automatically locked due to age.

Parents

0 BarryG over 18 years ago

It should.
Run an Nessus scan from outside and find out.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 ryaninit over 18 years ago in reply to BarryG

Is it the firewall will go through IPS first, then check the packet filter rules?

And would like to limit group of user accessing IM (MSN, ICQ...), could this be done.

Many thanks for any guideline on this.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ryaninit over 18 years ago in reply to BarryG

Is it the firewall will go through IPS first, then check the packet filter rules?

And would like to limit group of user accessing IM (MSN, ICQ...), could this be done.

Many thanks for any guideline on this.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BarryG over 18 years ago in reply to ryaninit

PacketFilter rules first, then if the traffic is allowed, it goes through the IPS. If the IPS allows it, then it continues through.

I believe there are some rules in the IPS for blocking IM, but note they probably won't be completely effective as some IM clients are very 'resourceful'.

Barry
Cancel
Vote Up 0 Vote Down

Cancel