I have a modest Untangle setup at home that is giving me issues. I'm running on a U25 appliance and the load is very low. Untangle is running in routed/NAT mode and has one inbound port forward set up. I have IPS enabled and set to scan after other network processing. My first rule is a custom rule to block ciarmy and dshield known bad addresses. I have low, medium and high memory set to Recommended action.
Normally, the daily reports/IPS reliably shows a half dozen +/- incoming attempts on the open port blocked by IPS. After some period of time--probably several weeks--these daily reports will show no IPS activity. If I reboot the U25, the usual incoming blocks start showing back up.
My question is two fold. First, is this failure just the reporting or the IPS itself? Second, how can I resolve this, particularly if the IPS itself is failing?