Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Sep 2018
    Posts
    36

    Default Untangle Intrusion Preventi - limiting logging/alerts, only 80/443 are port forwarded

    Hi all,

    Have a couple networks/VLANs behind an Untangle gateway and need to port forward http & https (tcp ports 80 & 443) in to a web server. So we'd like to enable Intrusion Prevention. Turning that on with all the default settings gives a ton of events that I don't think matter at all. For example, SSH attempts on port 22 (closed / not forwarded inbound) and 1433 (RDP closed / not forwarded). Would it generally be preferable to:

    A) Switch IPS to "After other network processing" which would presumably allow NAT/PAT forwarding (or lack thereof) to effectively filter things like RDP inbound before IPS even sees them.

    B) Modify the enabled IPS rules with an additional criterion of destination port 80 and port 443? (shows 84 rules logging)

    C) Something else?

    Basically, we'd like the IPS protection on inbound to the web server, but don't want to have a needle in the haystack situation with IPS log/reporting.
    Last edited by ntguru; 10-29-2019 at 03:21 PM.

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,716

    Default

    Took me a minute to understand what you meant, so for the rest of us who browse the recent/new posts list and lost the context of what forum this was posted to, "IP" is "Intrusion Prevention" in this case, and not "Internet Protocol"
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,129

    Default

    Switch to "After other network processing" to just use IPS for traffic filtered by NAT or network filters /admin/index.do#config/network/filter-rules
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangler
    Join Date
    Sep 2018
    Posts
    36

    Default

    Quote Originally Posted by jcoehoorn View Post
    Took me a minute to understand what you meant, so for the rest of us who browse the recent/new posts list and lost the context of what forum this was posted to, "IP" is "Intrusion Prevention" in this case, and not "Internet Protocol"
    DOH! Updated.

  5. #5
    Untangler
    Join Date
    Sep 2018
    Posts
    36

    Default

    Quote Originally Posted by jcoffin View Post
    Switch to "After other network processing" to just use IPS for traffic filtered by NAT or network filters /admin/index.do#config/network/filter-rules
    Thank you. Updated config.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2