SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Expose "Corporate Policy Violation" IPS rules via the Attack Pattern groups

Currently, there are many IPS rules in 9.x that do not seem to be exposed via the Attack Patterns page.

Many of them have the following in their descriptions:
"Classification.: Potential Corporate Privacy Violation"

These include rules which block SKYPE, BitTorrent, etc.

ISTM that it doesn't make sense to have these hidden away, or even have them at all since we already have the Application Detection system.

links:
http://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/43598-pua-p2p-bittorrent-utp-peer-request-2.html#post215116

http://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/47541-ips-bittorrent-rules-id-disable.html

https://www.google.com/search?q=corporate+policy+violation+site%3Aastaro.org+ips+OR+snort

Please put these (and other hidden rules) into groups on the Attack Patterns page, and/or remove ones which are redundant with the application traffic classifier.

19 votes

    BG shared this idea

    2 comments

      • Seth commented

        I do love the product but having 3 children each with a computer and 3 different gaming consoles it gets a bit cumbersome finding each of the rules I need to configure to let them play all their favourite games. Thanks again. Seth

      • Claus Gratzl commented

        This behaviour is very annoying for us as well. We would really appreciate a more powerful interface to control the IDS rules. The current interface is really not enterprise-grade for IT professionals, it looks more like the interface of a consumer product.
