Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26
  1. #21
    Newbie
    Join Date
    May 2019
    Posts
    13

    Default

    Add me to the list!
    License: Home
    version: 15.0.0
    uptime: 2d 54m
    Server: custom
    CPU Count: 4
    CPU Type: Intel(R) Atom(TM) CPU E3845 @ 1.91GHz
    Architecture: amd64
    Memory: 8.26 GB
    Disk: 106.02 GB

    2 days ago:
    I notices the graph in my Intrusion Detection (blocked) report was not showing anything since about 4pm the day before ( it usually had 30 or per hour mostly SQL scans being blocked).
    2020-04-15 04:46:23 pm was last entry in the log.

    Since it was early and I was the only one up and rather then fiddle with things, I did a reboot. All seemed well until this AM

    Again, i see nothing being logged by IPS since 2020-04-17 03:25:18 pm

    Turned IPS on and off with zero results.

    At this point, I'm thinking a Reboot is my only alternative. I'm not very thrilled with the idea I will have to reboot this box every 48hrs so, hopefully Untangle can help figure this one out.

    Edit to add: a month or so ago I had same thing happen but don't recall the exact date/time. At that time I did the reboot thing and all was good. But, i have been following this thread in case it came back.
    Last edited by R. Shackleford; 04-18-2020 at 06:48 AM.

  2. #22
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,029

    Default

    My interaction with support on this issue was very positive, and thankfully, they do not doubt our experiences. If your problem is repeatable, then by all means open a ticket. They're after being able to narrow down the timeframe when the failure occurs as close as possible.

    In my case, I'm having to periodically reboot the u25xw because the Wi-Fi interface is dropping out. That has diminished my chances of providing support with anything useful.

  3. #23
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,799

    Default

    No support ticket, no bug report, no resolution.

    That's how this stuff goes. Forum reports are handy for the curiosity factor but useless in solving the actual problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #24
    Untangler
    Join Date
    Sep 2018
    Posts
    47

    Default

    For enabled IPS rules I have: a rule for known bad IPs (action set to enable block) in addition to the default low/medium/high memory rules (action set to recommended). Probably two months ago, maybe more, I moved the bad IPs block rule up ahead of the default ones.
    Since then, IPS logging and reporting has had no issues. I imagine a simple source IP comparison is computationally very simple compared to some of the signatures in the memory rules. I also have IPS set to scan after other network rules, and the only traffic coming in is a single port. So effectively PAT should be acting as a big filter before the simple IP-based IPS rule which itself acts as a filter before the more complex default memory IPS rules.

  5. #25
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,029

    Default

    Quote Originally Posted by ntguru View Post
    Since then, IPS logging and reporting has had no issues.
    I'm glad that's the case, but if the IP app is that delicate, well...

  6. #26
    Untangler
    Join Date
    Sep 2018
    Posts
    47

    Default

    I agree. It suggests that the reporting/logging at least -- and perhaps more -- could easily be defeated by even a modest flood of suspicious traffic.

    Quote Originally Posted by Sam Graf View Post
    I'm glad that's the case, but if the IP app is that delicate, well...

Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2