  1. #11
    Newbie
    Join Date
    Nov 2008
    Location
    Chicago, IL
    Posts
    11

    Quote Originally Posted by sky-knight View Post
    Don't use it unless you want gray hair? That module is VERY time intense on the admin to operate.

    As for Threat Prevention, it's a .0 release; I wouldn't put it in front of servers willingly at this point. It needs time to cook.
    LOL. That's been my experience with the Intrusion Prevention module as well.

  2. #12
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Quote Originally Posted by sky-knight View Post
    Don't use it unless you want gray hair?
    Yes. That. Thinning gray hair, to be precise.

    Edit: I find Intrusion Prevention a powerful tool. Since I started my geek life a long time ago on a TRS-80 Model 1, maybe I'm just more willing by old habits to deal with the challenges Intrusion Prevention does actually come with.
    Last edited by Sam Graf; 03-24-2020 at 10:51 AM.

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,488

    Quote Originally Posted by Sam Graf View Post
    Yes. That. Thinning gray hair, to be precise.

    Edit: I find Intrusion Prevention a powerful tool. Since I started my geek life a long time ago on a TRS-80 Model 1, maybe I'm just more willing by old habits to deal with the challenges Intrusion Prevention does actually come with.
    It is a wonderfully powerful tool, but with great power...

    You have all the rope in the world to hang yourself!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untangler
    Join Date
    Jul 2009
    Location
    Minneapolis/Saint Paul MN
    Posts
    79

    I thought the idea of Threat Prevention was to give you the ability to block inbound traffic from known bad IP addresses. I believe the issue being addressed in this post is even with Threat Prevention set to ONLY block "High Risk", it is also blocking "Suspicious" traffic.

    At several client sites, it also seems to block SMTP traffic inbound from Suspicious IP addresses... known to be suspicious by using the built-in "Threat Lookup" tool. If it only blocked High Risk, I would absolutely leave it on, but too many clients were missing emails sent from Suspicious domains like me.com, icloud.com and gmail.com in my specific experience.

    So either the slider control is not working or the App is misclassifying inbound traffic.
    Last edited by automationstation; 03-24-2020 at 12:47 PM. Reason: typos

  5. #15
    Newbie
    Join Date
    Nov 2008
    Location
    Chicago, IL
    Posts
    11

    Quote Originally Posted by automationstation View Post
    I thought the idea of Threat Prevention was to give you the ability to block inbound traffic from known bad IP addresses. I believe the issue this post is talking about is that with Threat Prevention set to ONLY block "High Risk", it is also blocking "Suspicious" traffic as well. It seems to block SMTP traffic inbound from Suspicious IP addresses... by using the built-in Threat Lookup tool. If it only blocked High Risk, I would absolutely leave it on, but too many clients were missing emails sent from Suspicious domains like me.com, icloud.com and gmail.com in my specific experience.
    When I've looked up the servers that are getting blocked, none of them are flagged as Suspicious. They are all coming up as Trustworthy or Low Risk.

  6. #16
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,488

    There have been some reports on these forums that the module is blocking anything with a reputation instead of just the high stuff... but it's not been completely confirmed. If you see logs where low risk is being blocked and you're configured otherwise you need to open a ticket with Untangle support so they can get the bug filed.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Untangler
    Join Date
    Jun 2018
    Posts
    60

    I had to shut this off - too many bounced emails

    We found a few issues that generated false positives. There was also an issue with rules, where in most cases it was applying the condition globally. These have been fixed in the latest build3 release https://wiki.untangle.com/index.php/...ld3_2020-03-19
    We will be rolling this release out by the end of the week.

  8. #18
    Newbie
    Join Date
    Mar 2020
    Posts
    5

    FWIW, I was able to solve my email traffic that was being blocked and still keep the Threat Prevention Module enabled for everything else. I simply added a rule that effectively enabled all traffic received over port 25 to be permitted/passed.

    That said, I am having to keep a close watch over the remaining blocks that occur with the engine as it does seem to be fairly liberal on what it considers to be a suspicious IP.

  9. #19
    Untangler
    Join Date
    Jul 2009
    Location
    Minneapolis/Saint Paul MN
    Posts
    79

    Quote Originally Posted by bcarmichael View Post
    We found a few issues that generated false positives. There was also an issue with rules, where in most cases it was applying the condition globally. These have been fixed in the latest build3 release https://wiki.untangle.com/index.php/...ld3_2020-03-19
    We will be rolling this release out by the end of the week.
    Did this release? And if/when, will it update the app automatically or will the update be in a 15.0.1 overall update?

  10. #20
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Quote Originally Posted by automationstation View Post
    Did this release? And if/when, will it update the app automatically or will the update be in a 15.0.1 overall update?
    It's a date release. https://wiki.untangle.com/index.php/...ld3_2020-03-19
    Build: 15.0.0.20200319T120445.4755a056cd-1stretch

    It does not fix the blocking of email providers as that issue is the reputation given by BrightCloud.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
