Author Topic: Direction (Read 3167 times)

csmall · « **on:** May 21, 2019, 07:20:51 pm »

With IPS, generally speaking, does it make more sense to do it on outbound traffic or inbound?

Doing it on both sounds like a performance impact will be greater.

But, if your firewall is already restricting inbound traffic to specific ports for services.. then would outbound make more sense so you can see and prevent nasty stuff that is actually on your network?

hbc · « **Reply #1 on:** May 21, 2019, 09:00:20 pm »

IPS (suricate) filters before firewall rules. In general, you filter inbound traffic.

This is more cpu friendly. Why waste cpu cycles with routing decisions, shapping, processing etc. and then you drop the packet.

ruffy91 · « **Reply #2 on:** May 22, 2019, 06:40:50 am »

This goes both ways, why inspect inbound WAN traffic if you gonna drop 99% of all unsolicited traffic by the firewall.

hbc · « **Reply #3 on:** May 22, 2019, 09:15:57 am »

Quote from: ruffy91 on May 22, 2019, 06:40:50 am

This goes both ways, why inspect inbound WAN traffic if you gonna drop 99% of all unsolicited traffic by the firewall.

The outbound traffic of your wan interface is the inbound traffic of your lan interfaces. Why let the traffic pass your firewall stack, when you drop it in the last step?

Author Topic: Direction (Read 3167 times)

csmall

Direction

hbc

Re: Direction

ruffy91

Re: Direction

hbc

Re: Direction