A server behind the FG, hosting different services (mail, web, DNS, etc.).
Between the two methods below, which would be the better approach for IPS configuration
in terms of resource consumption and performance?
A. Creating a single firewall profile with the default IPS profile, which covers protection for all the services.
B. Creating a few firewall profiles for the different services and applying a more specific IPS profile to each of them
(for example: protect_dns, protect_http, etc.).
Thanks,
Marius.
Personally I would separate the rules and apply a specific IPS profile per policy. The benefit is that you can then also see the amount of traffic / the counters per policy.
But I think it improves performance / resource usage as well, because, let's say you have an incoming HTTP request to port 80 and you have 3 separate policies (one for SMTP, one for FTP and one for IMAP) above the HTTP policy. The first 3 policies are skipped and it hits the HTTP policy, which only has HTTP-specific signatures, apart from the default signatures.
If you had only 1 policy, then the packet would have been checked against all signatures, i.e. more memory is used to load the signature database.
So I would separate the rules. :)
Kind regards,
Ralph Willemsen
Netherlands
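To make the two options concrete, here is an added FortiOS CLI example (written for this page, not taken from the original thread or from Fortinet documentation) showing option A, a single catch-all policy with the built-in "default" sensor, beside option B, per-service policies each bound to a narrow sensor. The interface names "wan1" and "dmz", the address object "srv-dmz", the sensor names and the policy IDs are assumptions; adjust them to your own objects. Only DNS and HTTP are shown for brevity; the other services follow the same pattern.

```text
# Option A: one policy, every inbound packet is inspected with the full
# "default" sensor regardless of which service it is actually for.
config firewall policy
    edit 1
        set name "srv-all"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "srv-dmz"        # assumed address object for the server
        set service "ALL"
        set action accept
        set schedule "always"
        set utm-status enable
        set ips-sensor "default"
    next
end

# Option B: one sensor per service, each limited to server-side signatures
# of that protocol (plus whatever severity floor you choose).
config ips sensor
    edit "protect_dns"
        set comment "server-side DNS signatures only"
        config entries
            edit 1
                set protocol DNS
                set location server
                set severity medium high critical
                set status enable
                set action block
                set log enable
            next
        end
    next
    edit "protect_http"
        set comment "server-side HTTP signatures only"
        config entries
            edit 1
                set protocol HTTP
                set location server
                set severity medium high critical
                set status enable
                set action block
                set log enable
            next
        end
    next
end

# One policy per service, each with its own sensor. These sit above any
# broader policy so a DNS or HTTP packet matches here and never reaches
# a catch-all rule; the per-policy hit counters then show traffic per service.
config firewall policy
    edit 10
        set name "srv-dns"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "srv-dmz"
        set service "DNS"
        set action accept
        set schedule "always"
        set utm-status enable
        set ips-sensor "protect_dns"
    next
    edit 11
        set name "srv-http"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "srv-dmz"
        set service "HTTP"
        set action accept
        set schedule "always"
        set utm-status enable
        set ips-sensor "protect_http"
    next
end
```

Policy evaluation is top-down and first-match, so the order of the per-service policies relative to any remaining catch-all rule is what guarantees that each flow is inspected by the narrow sensor rather than the default one.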