  1. #11
    Newbie
    Join Date: Nov 2008
    Location: Chicago, IL
    Posts: 10

    Quote: Originally posted by sky-knight
    Don't use it unless you want gray hair? That module is VERY time intense on the admin to operate.

    As for Threat Prevention, it's a .0 release; I wouldn't put it in front of servers willingly at this point. It needs time to cook.

    LOL. That's been my experience with the Intrusion Prevention module as well.

  2. #12
    Sam Graf, Master Untangler
    Join Date: Feb 2016
    Location: Michigan
    Posts: 928

    Quote: Originally posted by sky-knight
    Don't use it unless you want gray hair?

    Yes. That. Thinning gray hair, to be precise.

    Edit: I find Intrusion Prevention a powerful tool. Since I started my geek life a long time ago on a TRS-80 Model 1, maybe I'm just more willing by old habits to deal with the challenges Intrusion Prevention does actually come with.
    Last edited by Sam Graf; 03-24-2020 at 10:51 AM.

  3. #13
    sky-knight, Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 24,186

    Quote: Originally posted by Sam Graf
    Yes. That. Thinning gray hair, to be precise.

    Edit: I find Intrusion Prevention a powerful tool. Since I started my geek life a long time ago on a TRS-80 Model 1, maybe I'm just more willing by old habits to deal with the challenges Intrusion Prevention does actually come with.

    It is a wonderfully powerful tool, but with great power...

    You have all the rope in the world to hang yourself!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untangler
    Join Date: Jul 2009
    Location: Minneapolis/Saint Paul MN
    Posts: 74

    I thought the idea of Threat Prevention was to give you the ability to block inbound traffic from known bad IP addresses. I believe the issue being addressed in this post is even with Threat Prevention set to ONLY block "High Risk", it is also blocking "Suspicious" traffic.

    At several client sites, it also seems to block inbound SMTP traffic from Suspicious IP addresses... known to be suspicious by using the built-in "Threat Lookup" tool. If it only blocked High Risk, I would absolutely leave it on, but too many clients were missing emails sent from Suspicious domains like me.com, icloud.com and gmail.com in my specific experience.

    So either the slider control is not working or the App is misclassifying inbound traffic.
    Last edited by automationstation; 03-24-2020 at 12:47 PM. Reason: typos

  5. #15
    Newbie
    Join Date: Nov 2008
    Location: Chicago, IL
    Posts: 10

    Quote: Originally posted by automationstation
    I thought the idea of Threat Prevention was to give you the ability to block inbound traffic from known bad IP addresses. I believe the issue this post is talking about is that with Threat Prevention set to ONLY block "High Risk", it is also blocking "Suspicious" traffic as well. It seems to block SMTP traffic inbound from Suspicious IP addresses... by using the built-in Threat Lookup tool. If it only blocked High Risk, I would absolutely leave it on, but too many clients were missing emails sent from Suspicious domains like me.com, icloud.com and gmail.com in my specific experience.

    When I've looked up the servers that are getting blocked, none of them are flagged as Suspicious. They are all coming up as Trustworthy or Low Risk.

  6. #16
    sky-knight, Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 24,186

    There have been some reports on these forums that the module is blocking anything with a reputation instead of just the high stuff... but it's not been completely confirmed. If you see logs where low risk is being blocked and you're configured otherwise, you need to open a ticket with Untangle support so they can get the bug filed.

  7. #17
    Newbie
    Join Date: Jun 2018
    Posts: 14

    I had to shut this off - too many bounced emails

    We found a few issues that generated false positives. There was also an issue with rules, where in most cases it was applying the condition globally. These have been fixed in the latest build3 release https://wiki.untangle.com/index.php/...ld3_2020-03-19
    We will be rolling this release out by the end of the week.
