Putting Firewalla in IDS instead of IPS mode

Comments

3 comments

  • Avatar
    Firewalla

    There is no way to remove the Protection part and only do Detection.  Detection is in our system is pretty much just alarm, the Protection is triggered if the system knows how.

    Any reason for not using the IPS?  We don't get this kind of request often, so wondering if you have a legit use case. 

    0
    Comment actions Permalink
  • Avatar
    Ronald Nutter

    I do have a legit use for asking for the IDS mode.  I have used IPS in the commercial world and have been bit in the backside when the IPS either received a bad rule from the vendor's monitoring system or the match made wasnt as close it it should have been.  

    My usual way of implementing new technology is to start out with it in a monitoring mode to see how it reacts to what it finds without making changes.  I would like to have a way to do A/B comparison's between different IPS systems to see which is better identifying a problem or not reporting something that ends up being a false positive with the other IPS system.

    ** My Content is available on the following platforms **
    Amazon Fire TV: https://amzn.to/3m66Frm
    Roku: https://my.roku.com/add/techbyteswithronnutter
    YouTube: https://www.youtube.com/TechBytesRN
    Podcast: http://techbyteswithronnutter.com

    Thanks,
    Ron

    --
    Ronald Nutter
    Author, Speaker, YouTuber
    LinkedIn: http://www.linkedin.com/in/ronaldnutter

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Good point.  Let me ask our engineers and see if it is even possible to tune down the "P" part.  But currently, the "P" is not as enforced as we want it to be; as exactly your point.  So you will see some alarms as a warning, and the "blocking" action needs to be taken by the user.

     

    1
    Comment actions Permalink

Please sign in to leave a comment.