Hello, hope you are well.
Are there any best practices to follow when enabling the Intrusion Prevention feature on a UTM? During a very quick one-day training course provided by Sophos they said that you can literally get away with just switching it on and not have to do much detailed tuning, as out of the box it's a very balanced policy and suits most environments.
I did this and just added the "External (Address)" and the "Internal Networks" to the global settings for Local Networks.
So far this has only logged an ICMP Flood detection from a monitoring PC that has a continuous PING running on it.
Does anybody have any experience with regard to a good basic setup and if IPS is really needed for the internal side?
Regards,
Dave