This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS with 2 Public Interfaces

Quick question, and this might seem kinda stupid.

I have 2 Interfaces with Public Addresses (External, DMZ) and behind the DMZ is a couple of Servers with Public IPs.

I have created the following firewall rules:

Allow: Internal -> Any
Allow: DMZ -> External
Allow: External -> DMZ (HTTP, HTTPS, etc)

When I am setting up IPS, is there any advantage changing the protected Interface to ANY since webmin and user portal are available on the External Network? I understand this is redundant for Interfaces with Private IPs, but is it for External Interfaces with Public IPs?

My current IPS protected Interfaces are:
DMZ
Internal

Any help would be greatly appreciated.

Thanks,
Kyle

This thread was automatically locked due to age.

0 BarryG over 11 years ago

Hi,

I'm not sure what 'External' is, but you should be using the built-in 'Internet IPv4' network definition in both rules.

NEVER set the IPS to protect ANY. It will destroy performance.
You should put your LAN(s) and DMZ(s) in it ONLY.
(and VPN pools should be OK)

I'm not sure if the IPS protects the webadmin and user portal or not, but I think it does as the portscan detection (which uses the Snort IPS) works on the EXT address(es).

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 kyle5281 over 11 years ago in reply to BarryG

Hi Barry,

I appreciate the reply. My "External" is my External Network is bound to the IPV4 Internet definition. It would be interesting to hear from somebody at Astaro if IPS does actually protect the External Interface. I was pretty sure that only my internal networks needed to be defined in IPS, but wanted to make sure.

Thanks,
Kyle
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

As Barry says, NEVER put any non-local subnet into 'Local networks' in IPS.

Cheers - Bob

Sorry for any short responses. Posted from my iPhone.
Cancel
Vote Up 0 Vote Down

Cancel