Smart Defense Subscription

[futureechos]

We've been running our Firewalls for about a year and seen a few problems where Smart Defense can be a little over zealous. We don't have a subscription to update SD at the moment, we're considering renewing with it.

If we do, and we get all the latest SD updates should we expect problems, I'm thinking of putting most of the features in monitor only to start with.

Anyone have any experience of this?

Any tips?


Thanks
FE

[mcnallym]

In general before turning on then as you are looking too, then put the defense into monitor mode so it will apply anf log what would have dropped but not actually drop it.

That way you can see if going to cause you problems.

Leave in monitor for at least a month.

[chillyjim]

A lot of SMDF has been "Fixed" but monitor mode is your friend.
I do find SMDF blocks a lot of junk hitting my network. Its really good at keeping all the IIS attacks away from my Apache servers.