new to Untangle IP - limiting logging/alerts when only 80/443 are port forwarded

[ntguru]

Hi all,

Have a couple networks/VLANs behind an Untangle gateway and need to port forward http & https (tcp ports 80 & 443) in to a web server. So we'd like to enable Intrusion Prevention. Turning that on with all the default settings gives a ton of events that I don't think matter at all. For example, SSH attempts on port 22 (closed / not forwarded inbound) and 1433 (RDP closed / not forwarded). Would it generally be preferable to:

A) Switch IPS to "After other network processing" which would presumably allow NAT/PAT forwarding (or lack thereof) to effectively filter things like RDP inbound before IPS even sees them.

B) Modify the enabled IPS rules with an additional criterion of destination port 80 and port 443? (shows 84 rules logging)

C) Something else?

Basically, we'd like the IPS protection on inbound to the web server, but don't want to have a needle in the haystack situation with IPS log/reporting.

[jcoehoorn]

Took me a minute to understand what you meant, so for the rest of us who browse the recent/new posts list and lost the context of what forum this was posted to, "IP" is "Intrusion Prevention" in this case, and not "Internet Protocol"

[jcoffin]

Switch to "After other network processing" to just use IPS for traffic filtered by NAT or network filters /admin/index.do#config/network/filter-rules

[ntguru]

Took me a minute to understand what you meant, so for the rest of us who browse the recent/new posts list and lost the context of what forum this was posted to, "IP" is "Intrusion Prevention" in this case, and not "Internet Protocol"

DOH! Updated.

[ntguru]

Switch to "After other network processing" to just use IPS for traffic filtered by NAT or network filters /admin/index.do#config/network/filter-rules

Thank you. Updated config.