marius1
New Member
February 9, 2016
Question

The correct approach of IPS configuration


A server behind the FG, hosting different services (mail, web, DNS, etc.).

Between the two methods below, what would be the better approach for IPS configuration in terms of resource consumption and performance?

A. Creating a single firewall profile with the default IPS profile, which covers protection for all the services.

B. Creating a few firewall profiles for the different services, and applying a more specific IPS profile to them (for example: protect_dns, protect_http, etc.).

 

Thanks,

Marius.

 

    1 reply

    Ralph1973
    New Member
    February 13, 2016

    Personally I would separate the rules and apply a specific IPS profile per policy. The benefit is then that you can also see the amount of traffic/counters.

    But I think it improves performance/resource usage as well, because, let's say you have an incoming HTTP request to port 80 and you have 3 separate policies (one for SMTP, one for FTP and one for IMAP) above the HTTP policy. The first 3 policies are skipped and it hits the HTTP policy, which only has HTTP-specific signatures, apart from default signatures.

    If you had only 1 policy, then the packet should have been checked for all signatures, i.e. more memory resources are used to load the database.

    So I would separate the rules. :)

    Kind regards,

    Ralph Willemsen

    Netherlands
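
Option B from the question, sketched as FortiOS CLI for two of the services. This is an added example, not configuration from either poster: the sensor names follow the question, while the interface names, the `vip_web` and `vip_dns` objects and the severity filter are assumptions to adapt to the actual setup.

```fortios
# One IPS sensor per service; each filter selects only server-side
# signatures for that protocol (severity and action are assumed values).
config ips sensor
    edit "protect_http"
        config entries
            edit 1
                set protocol HTTP
                set location server
                set severity medium high critical
                set action block
            next
        end
    next
    edit "protect_dns"
        config entries
            edit 1
                set protocol DNS
                set location server
                set severity medium high critical
                set action block
            next
        end
    next
end
# One policy per service, each bound to its own sensor. "wan1", "dmz",
# "vip_web" and "vip_dns" are placeholder object names.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vip_web"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ips-sensor "protect_http"
        set logtraffic all
    next
    edit 0
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vip_dns"
        set action accept
        set schedule "always"
        set service "DNS"
        set utm-status enable
        set ips-sensor "protect_dns"
        set logtraffic all
    next
end
```

With `logtraffic all` on each policy, hit counters and IPS log entries are attributed per service, which is the visibility benefit mentioned in the reply.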