Hi all,
I just got the UTM home edition running for a week and i am very pleased about the product. it does a good job of protecting my internal network.
i have one question about the IPS though which i cannot figure out by myself.
UTM server config
External WAN = 192.168.2.12/24
Internal LAN = 10.10.11.251/24
globas ips settings. internal network (10.10.11.0/24)
i ran several nmap scans via kali linux, i even did a complete attack against all hosts in the network via metasploit and the strange thing is that de IPS detects only some minimal traffiic to 10.10.11.251 (the ip adres of the utm server) syn flood.
in short
snort isnt detecting anything in my network and if it does it only detects and logs it for the 10.10.11.251 as destination and thats is the ip adres of the UTM server itself.
When i do a portscan i get syn flood detection (no portscan)for the 10.10.11.251 but nothing for others hosts in the network.
does anybody have an idea what i am missing here?
This thread was automatically locked due to age.
