I am evaluating Astaro product and am a newbie. I was wondering if there is a way to test IPS by triggering a Snort rule. Any tools? If so would I see any thing in the log?
IPS applies only to traffic allowed to enter/pass Astaro. I bet you could put in a rule Any -> Any -> Any and see some activity in the Live Log. In addition to the snort capability, that section of Astaro also includes tools that help prevent DoS Flooding and portscanning.
There's not much reason to spend time testing those capabilities, as they are are well-known and function effectively. If you're comparing against another IPS, you'll just find rules that are enabled on one, but not on the other. Every site will have unique situations that require adjustment of the default.
IPS applies only to traffic allowed to enter/pass Astaro. I bet you could put in a rule Any -> Any -> Any and see some activity in the Live Log. In addition to the snort capability, that section of Astaro also includes tools that help prevent DoS Flooding and portscanning.
There's not much reason to spend time testing those capabilities, as they are are well-known and function effectively. If you're comparing against another IPS, you'll just find rules that are enabled on one, but not on the other. Every site will have unique situations that require adjustment of the default.
