Covid-19 Induced VPN Use -- security question

Hi,

I'm in the US and like a lot of people this week I'm scrambling to support people who usually work in one big room but are now telecommuting and making heavy use of our VPN.

Normally I have 3-10 connections per day, maybe 2-3 at a time, now I have 15-20 at a time (staff of 68). I think it would be more but by the time they get logged on I think it gets so slow they give up and find other avenues.

I already had IPS disabled for traffic to/from the VPN Pool and our LAN. But I noticed that I was still getting a flood of flood alerts in the IPS log about port 4500. I turned off IPS for all traffic over this port and over the L2TP protocol, regardless of its source or destination.

Have I opened myself up to serious security concerns?

Thanks,

Jeff



  • Hi Jeff,

    We are both in the same situation, I think. I got that too, with the difference of IPsecVPN. But it was enough to disable UDP Flood for the interface where the VPN is terminated.
    So maybe you could adjust a little more. The deactivation of the whole IPS is a little too much. But it seems UTM doesn’t recognize this by itself.

    Best regards 

    Alex 
