This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS question...

Hi all,

I'm using an UTM 9.006-5 only for "WEB PROTECTION",no packet filter or routing.
So I didn't configure the Masquerading or any other kind of NAT.

Then I enabled also the Intrusion Prevention specifying all the networks involved but
I can't see any kind of activity on the IPS logs.

So is it possible to use the IPS when the UTM is not forwarding the traffic?

Thanks for your answers...

This thread was automatically locked due to age.

0 BrucekConvergent over 12 years ago

Typically traffic must be passing through the UTM for the IPS to detect activity. I haven't tried this, but you might be able to setup a mirror port on your core switch and connect it to a free port on the UTM, and somehow make that work, but I wouldn't recommend it.

You can set the UTM in bridge mode and have it inspect inbound / outbound internet traffic transparently (at layer 2), that's what we recommend / do for customers that use a different perimeter firewall in front of the UTM.
Cancel
Vote Up 0 Vote Down

Cancel
0 jeff.welling over 12 years ago

Bruce is right, the UTM has to actually be seeing their traffic in order to do IPS on said traffic.

You didn't clarify if your UTM is your gateway or not, but as long as it is, then IPS should be able to analyze the traffic that passes through it. There are sites out there that detail different ways of testing if IPS is working but be careful not to make any changes to your UTM outside of WebAdmin if you have a support contract or you might void it.
Cancel
Vote Up 0 Vote Down

Cancel
0 Ol Deda over 12 years ago

Excluding one host from Web Protection in advanced tab, and allow that host by firewall rules you will se the results!
Cancel
Vote Up 0 Vote Down

Cancel