04-22-2017 06:42 PM
Hi All
I'm wondering how you all have your Vulnerability Protection set up. I've got a single profile that I use for both inbound and outbound policies
However, I find that alot is reported, that isnt actually of concern to me.
When I look in to it, they are all host types of server, and the attacker IP is a local IP on our network; however its not actaully attacking anything. For example; a website we visit results in the PA detecting a critical attack from us to the reote webserver everytime we logon to it:
Microsoft IIS ASP.NET NULL Byte Injection Information Disclosure Vulnerability (ID 32735)
Or when we have high call volumes, via a SIP trunk, the PA reports our PBX is attacking the SIP provider:
SIP Invite Method Request Flood Attempt (ID 40016)
SIP Bye Message Brute Foce Attack (ID 40028)
SIP Register Message Brute Force Attack (ID 40023)
Therefore I am thinking of splitting the vulnerability protection profile, and assigning server, when I am wanting to protect devices that are accepting traffic from the internet, and client when I am protecting devices behind the firewall, connecting out to the internet.
Cheers
David
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
