  1. #1
    Master Untangler
    Join Date
    Mar 2017
    Posts
    185

    After other network processing

    Some time ago I configured IPS to scan after.
    I don't know if I misunderstood the wiki or if it should be phrased differently.

    In Config->Network->Advanced->Access Rules I've got the usual Block All as last rule after some Non-WAN rules. And I verified that from the Internet the traffic is dropped as I don't receive any RST. Fine.

    Now, I'd expect IPS not to show all the logs about inbound traffic that has a destination on the IP address of my WAN, as it is already blocked by Access Rules iptables. Unless the network processing refers to that made by Apps and not the local one.

    The wiki says: "The advantage of this mode is that IPS will only scan/log on traffic that is actually entering your network and therefore ignores a lot of the standard "noise" from incoming port scans and vulnerability scans that just get dropped at the firewall".

    My logs are full of that standard noise about traffic that is dropped anyway. Please note that this is not an issue, I'm just asking out of curiosity: I've already trimmed the rules to what I really want to log.
    Happily untangling the average household: 20-25 active devices, 13 racks, each with 3 - 8 apps, OpenVPN 1 in, TunnelVPN 3 out, IPS on. Spice it up with VLANs and mix with tons of rules.

  2. #2
    Untangler
    Join Date
    Sep 2018
    Posts
    45

    Have you tried rebooting your Untangle? I had a similar issue after I turned on IPS scanning after network processing; i.e., it seemed IPS was still pre-scanning, not post-scanning. After rebooting, it appeared to be post-scanning.
