RUTX 10 Security

Hello community,
I would like to implement all attack prevention on our Rutx10 fw.
I’m trying to find a good standard value (initial value) for limit/Limit Burst while trying not to block production

I’m talking about: Remote ICMP Req, SSH Attack Prev, HTTPs Attack Prevention and port Scan.

Thank you
Max

Hello,

There is a section in the WebUI under Firewall called ‘Attack Prevention.’ The Attack Prevention menu tab allows you to configure protections against certain types of online attacks. I recommend checking it out. More information can be found on our wiki page.

Hope this helps!

Best Regards,

i know there is a section in webui → Attack prevention (I’m asking for this very reason) and i know about wiki.( and i know netfilter / iptables)

Standard value on wiki for Remote ICMP Req is 5 - 10

In wiki there is value ( limit and limit burst) with " default: none" ( SSH Attack Prev, HTTPs Attack Prevention and port Scan.)

What value do you recommend I start with?

Best regards
m.

Sorry for any inconvenience. Here are the recommended starting values for limit and limit-burst settings for SSH Attack Prevention, HTTPS Attack Prevention, and Port Scan Prevention (The ICMP recommendation is the same as in the wiki):

  1. SSH Attack Prevention
    Limit: 5
    Limit Burst: 10

  2. HTTPS Attack Prevention
    Limit: 20
    Limit Burst: 40

  3. Port Scan Prevention
    Limit: 5
    Limit Burst: 10

Best Regards,

Nice,
Thanks!
M.

You are welcome!

Please let me know if you have more questions or require further assistance.

Best Regards,

This topic was automatically closed after 15 days. New replies are no longer allowed.