yes, using new rules via test ips good best practice as well.
On 6 Feb 2015, at 16:47, Darden, Patrick <Patrick.Darden@p66.com> wrote:
Auto-Update can cause problems. I take the stance that updates should be verified in a CERT or ISO first, before being operationalized. --p
-----Original Message----- From: Colin Johnston [mailto:colinj@gt86car.org.uk] Sent: Friday, February 06, 2015 10:46 AM To: Darden, Patrick Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org Subject: [EXTERNAL]Re: Checkpoint IPS
Yes, update can cause problems, same as router code updates as well. but update is price of progress.
Col
On 6 Feb 2015, at 16:44, Darden, Patrick <Patrick.Darden@p66.com> wrote:
Sorry, didn't mean to imply otherwise. Had an incident back in ~2004 where an IPS signature update closed ALL network traffic. Including fix-it updates. Definitely a case where the IPS caused major difficulties for a network.
--p
-----Original Message----- From: Colin Johnston [mailto:colinj@gt86car.org.uk] Sent: Friday, February 06, 2015 10:32 AM To: Darden, Patrick Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org Subject: [EXTERNAL]Re: Checkpoint IPS
Thought I would add
Astaro IPS works great, great functionality and does prevent ddos and exploits.
Colin