commentBlock = $("#comment_post_40272").find('.comment-blocks'); commentBlock.find('.loading').hide(); commentBlock.find('.see-all-comments').hide(); commentBlock.html("
<\/a>
\"it_user326337<\/a>
it_user326337<\/a>Customer Success Manager at PeerSpot<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Have you always had this access to multiple IPs? Do you have recommendations for users that don\'t have that option?<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"Fred<\/a>
Fred Fish<\/a>Network Administrator at a non-profit with 201-500 employees<\/span><\/div>
<\/span>Real User<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Changes I\'ve made that have helped a bit, limited the external exposure of the FW to attack. Which sounds logical, but I need to be able to manage the device from a remote location and do not have dial in abilities.\n
Basically eliminate ICMP responds to the WAN as well as HTTP responses. I\'ve added specific IPs when I note the traffic on more than one instance, and even a few ranges of other countries. \n
As I mentioned before I have options for multiple IPs so I change it from time to time when hits become troublesome. That means changing my VPN settings on both ends as well. But, that is less downtime then having the denial of service issues.<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user326337<\/a>
it_user326337<\/a>Customer Success Manager at PeerSpot<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Are there any individual changes you can suggest that would minimize this downtime that you\'ve been experiencing?<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"Fred<\/a>
Fred Fish<\/a>Network Administrator at a non-profit with 201-500 employees<\/span><\/div>
<\/span>Real User<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Definitely not. Any downtime due to an attack is not a success. I\'ve fought this for far too long with no rhyme or reason to the attacks. Can\'t block IPs and the built in counter measures, I believe, cause the device to stop allowing traffic.<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user326337<\/a>
it_user326337<\/a>Customer Success Manager at PeerSpot<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Have you been as successful as you would like in avoiding these DDoS or IPS attacks?<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"Fred<\/a>
Fred Fish<\/a>Network Administrator at a non-profit with 201-500 employees<\/span><\/div>
<\/span>Real User<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

We have made many configuration changes to the firewall to avoid the DDoS or IPS attacks. We have options with a few IPs and many firewall settings that have assisted in lessening the frequency of the outages. With the 7 remotes sites I have only this one has the problem so I have assumed it is an external attack to the site.\n
I have a Single Pane of Glass I watch while I\'m at work and can usually correct any issues within minutes of the problem happening, so impact is less. I also receive emails from my main firewall (CR500iNG-XP) when the IPsec tunnel drops to alert me when I\'m not at my desk. The users onsite don\'t have much impact as they are mobile quite often and this happens when they are not in the office or is corrected rather quickly.\n
If the office was staffed more extensively I would certainly have to come up with a better solution. Maybe even swapping the firewall altogether. But with our budgets that is not an option for the non-profit.<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user326337<\/a>
it_user326337<\/a>Customer Success Manager at PeerSpot<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>