  1. #1
    Newbie
    Join Date
    Apr 2020
    Posts
    7

    IPS High Volume of Blocked Traffic

    Hi,

    We have a number of clients with Untangle NGFWs; a handful of them have super high IPS blocked traffic that matches their regular traffic. I've looked at some logs and am not entirely sure what to make of it. Any ideas?

    intrusion-prevention-pYviv7Cg.1626602400000.1626602400000@twc.cylanda.net.png

    In the logs, we just see a ton of incoming attempted traffic trying to access ports that don't exist on the WAN.
    Last edited by matt@cylanda.com; 07-26-2021 at 04:59 PM.

  2. #2
    Newbie
    Join Date
    Apr 2020
    Posts
    7

    This is what we see on most of our clients' firewalls.
    intrusion-prevention-pYviv7Cg.1627293600000.1627293600000@aulii.ddns.net.png

    Looking at the graph indicators, I would assume the first graph I posted is more of what we want, right?

    Are there any KB articles on how to manage and decipher the IPS in Untangle?

  3. #3

  4. #4
    Newbie
    Join Date
    Jan 2021
    Posts
    3

    You need to have more information about what is being blocked to better diagnose it.

    Go to Reports -> Intrusion Prevention -> Blocked Events

    The category, classtype & msg will tell you a bit about what is being blocked. You can also see a "Rule Id" column - which corresponds to the rule in Intrusion Prevention that is blocking that traffic (count down the list from the top).

    You can also reduce the # of blocks by switching Intrusion Prevention scanning to "After other network processing." so it doesn't have to scan things that would have otherwise been blocked anyways.

    But it all boils down to your rules and what you set. Maybe share a screenshot of the rules tab in Intrusion Prevention.

    This video may help - youtube.com/watch?v=U711b0baBIg
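
An added example, not part of any post above and not Untangle's own code: a short Python script that triages an export of the Blocked Events report by Rule Id, classtype and msg, and measures how many blocks targeted WAN ports that are not forwarded, which is the traffic that would no longer be scanned with "After other network processing." The CSV column names, the sample rows and the `OPEN_WAN_PORTS` set are constructed assumptions; rename them to match your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Blocked Events export. Column names are assumptions;
# the addresses are documentation ranges and the rule ids/msgs are made up.
SAMPLE_CSV = """time_stamp,rule_id,category,classtype,msg,source_addr,dest_addr,dest_port
2021-07-26 10:00:01,1001,scan,attempted-recon,Constructed: SSH probe,198.51.100.7,203.0.113.10,22
2021-07-26 10:00:02,1001,scan,attempted-recon,Constructed: SSH probe,198.51.100.8,203.0.113.10,22
2021-07-26 10:00:03,1001,scan,attempted-recon,Constructed: SSH probe,198.51.100.9,203.0.113.10,22
2021-07-26 10:00:04,1002,scan,attempted-recon,Constructed: Telnet probe,198.51.100.7,203.0.113.10,23
2021-07-26 10:00:05,1003,web_server,web-application-attack,Constructed: bad HTTP request,192.0.2.44,203.0.113.10,443
2021-07-26 10:00:06,1002,scan,attempted-recon,Constructed: Telnet probe,192.0.2.50,203.0.113.10,23
"""

# Ports actually forwarded from the WAN at this site (assumption for the example).
OPEN_WAN_PORTS = {443}


def summarize(csv_text, open_ports, top=5):
    """Count blocks per (rule_id, classtype, msg) and per closed-port hit."""
    by_rule = Counter()
    total = 0
    closed = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        total += 1
        by_rule[(row["rule_id"], row["classtype"], row["msg"])] += 1
        # A block on a port with no forward rule is noise the firewall
        # would have dropped without IPS involvement.
        if int(row["dest_port"]) not in open_ports:
            closed += 1
    return {
        "total": total,
        "closed_port_hits": closed,
        "closed_port_share": closed / total if total else 0.0,
        "top_rules": by_rule.most_common(top),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_CSV, OPEN_WAN_PORTS)
    print(f"{report['closed_port_hits']}/{report['total']} blocks hit closed WAN ports "
          f"({report['closed_port_share']:.0%})")
    for (rule_id, classtype, msg), count in report["top_rules"]:
        print(f"{count:>5}  rule {rule_id}  {classtype}  {msg}")
```

A high closed-port share points to background scanning of the WAN address; the blocks that remain on forwarded ports are the ones worth reviewing rule by rule.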
