Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 4478 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

vpn client and firewall question

kernel_wall
HEllo all,

Just a question as i didn't really find an answer on the forum or on internet.

does someone know why VYPRVPN speed is highly impacted behind a Sophos UTM ? and if i turn off my UTM and re-setup my box to act like a router i have normal speed under VYPRVPN ... 

any ideas ? or things to start to check ? 

Thx by advance.

Flo


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BAlfson
    Hey Bob,

    So i took time ... finally ... to check Rulez #1 [:)] 

    after checking application control her is what i found : 

    2015:03:23-14:21:17 R-HOME01 ulogd[17615]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" fwrule="3" outitf="eth1" mark="0x316a" app="362" srcmac="0:10:f3:14:7e:41" srcip="192.168.5.60" dstip="VPN server IP" proto="17" length="50" tos="0x00" prec="0x00" ttl="127" srcport="64458" dstport="15641" 
    2015:03:23-14:21:17 R-HOME01 ulogd[17615]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" fwrule="3" outitf="eth1" mark="0x316a" app="362" srcmac="0:10:f3:14:7e:41" srcip="192.168.5.60" dstip="VPN server IP" proto="17" length="50" tos="0x00" prec="0x00" ttl="127" srcport="64458" dstport="15641"


    and after checking IPS logs here is what i found :


    2015:03:23-14:21:40 R-HOME01 ulogd[17615]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="f4:ca:e5:4c:b2:24" dstmac="0:10:f3:14:7e:41" srcip="VPN server IP" dstip="My External IP" proto="17" length="1245" tos="0x00" prec="0x00" ttl="51" srcport="15641" dstport="64458"
    2015:03:23-14:21:40 R-HOME01 ulogd[17615]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="f4:ca:e5:4c:b2:24" dstmac="0:10:f3:14:7e:41" srcip="VPN server IP" dstip="My External IP" proto="17" length="1245" tos="0x00" prec="0x00" ttl="51" srcport="15641" dstport="64458"
    2015:03:23-14:21:40 R-HOME01 ulogd[17615]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="f4:ca:e5:4c:b2:24" dstmac="0:10:f3:14:7e:41" srcip="VPN server IP" dstip="My External IP" proto="17" length="173" tos="0x00" prec="0x00" ttl="51" srcport="15641" dstport="64458"
    2015:03:23-14:21:40 R-HOME01 ulogd[17615]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="f4:ca:e5:4c:b2:24" dstmac="0:10:f3:14:7e:41" srcip="VPN server IP" dstip="My External IP" proto="17" length="1245" tos="0x00" prec="0x00" ttl="51" srcport="15641" dstport="64458"
    2015:03:23-14:21:40 R-HOME01 ulogd[17615]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="f4:ca:e5:4c:b2:24" dstmac="0:10:f3:14:7e:41" srcip="VPN server IP" dstip="My External IP" proto="17" length="1245" tos="0x00" prec="0x00" ttl="51" srcport="15641" dstport="64458"



    SHould i put the VPN servers IPs into the Exceptions for the intrusion Prevention settings ??? will it be a risk ? 

    FLo