Hello all
We are in the middle of deploying an FTD with IPS for a project. We have seen a large number of the following violations in the IPS event log:
Message
Priority
Classification
PROTOCOL-DNS dns response for rfc1918 172.16/12 address d...
Hello all
Can anyone advise on the FTD’s capability to detect and mitigate DNS exfiltration attempts? Would there be a SNORT rule to detect such activity?
Thank you.
Hi all
When a client and server use PFS ciphers as part of the TLS session setup, what consideration(s), if any, should be given to an IPS system such as the FTD deployed in the middle to inspect the traffic?
My understanding of this whole topic ...
Hi all We have a link from our switch to a Juniper SRX firewall configured as a promiscuous port. Over this link we configure a primary PVLAN. Connected to the switch we also have a bunch of servers all in the same isolated PVLAN which is mapped to t...
Hi allWe have a requirement to provide IPS services on a HA pair of 4100 series FTDs. Specifically there is one flow we need this for. Two clients (servers) need to talk to four servers. The end-to-end path is: Clients > FTD/IPS > F5 load balancer > ...
Thank you pazzi for your swift response
That was as I suspected, partly. The 172/12 is legitimately part of our internal network so it makes sense we would include it as part of the HOME_NET variable. I say partly as I wasn't aware we would also ne...
Thank you Marvin
I’ll need to double check to see what we have implemented. In the absence of the FTD actually checking the contents of the DNS packet, this may be the next best thing.
Hi yogesh
First off apologies for not responding sooner. I am slightly more familiar now with the FTD, only slightly, particularly with the concepts you have mentioned below. However, I'm not sure this answers my question? As this is inbound traffi...
Thank you Reza
Apologies for the delay. We're bound by the clients processes to use PVLANS. We've decided to split some of the servers into separate VLANs/subnets which means we just simply need to create an inter-zone policy on the firewall.
