This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclusions...

Hey all,

The manual's not very clear about this, so I wanted to run it past you guys to see if I'm configured correctly. I NEVER see any entries in the IPS logs, so I think there may be a misconfig. My intention is to not scan outbound traffic, or traffic that is flowing between our two VPN connected LAN's (Main Office and Datacenter).

I have IDS enabled and exclusions setup as follows on the main office firewall:

Source Networks:
Datacenter (The DC's subnet)
Internal (LAN subnet)

Destination Networks:
Datacenter (The DC's subnet)

On the datacenter firewall I have:

Source Networks:
Internal (LAN subnet)
Main Offfice (LAN subnet)

Destination Networks:
Main Office (LAN subnet).

That's about it, am I confusing the settings and disabling IPS with a config like this?

Thanks,

Keith

This thread was automatically locked due to age.

0 BarryG over 17 years ago

I think the source networks would be enough... adding the destination nets would reduce your protection if you are not doing NAT.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 sirebral over 17 years ago in reply to BarryG

Actually everything is fully NAT'ed, so I don't see this being an issue, I'm just confused as to why the IPS would never see anything. I'm used to my old IPCOP's IDS catching all sorts of fun stuff.

Regards,

Keith
Cancel
Vote Up 0 Vote Down

Cancel
0 ScottL over 17 years ago in reply to sirebral

I have also hardly seen any attacks lately being registered via the IPS. Although that being said about a month ago I realized I forgotten to put the DMZ as an internal protected network in the IPS config since I switched over to V7.

Since switching to v7 I have seen a lot less in the IPS logs compared to what I saw in v6. I am beginning to question this versions effectiveness compared to that of V6's.

-Scott
Cancel
Vote Up 0 Vote Down

Cancel