Avatar of pchettri

asked on 

Watchguard M400

I have got IPS enabled and denied on most accept information. I have packet filtering policy with IPS enabled for all server including SQL.

I have SQL monitoring agent that looks for trigger words/code in the URL the user is submitting and it has been sending email alert for Possible SQL injection from URL, Trigger - @@, Time and IP - 208.x.x.x.

We have client website manged by us that send query to our SQL server. It looks  bot probing us to see if we have sql injection vulnerabilities. I don't see threat on Watchguard blocked list.
What kind of configuration on watchguard ensures better security against such threat. When I called watchguard they said to enable proxy based policy for that SQL server on HTTP. If I do that would it block genuine request to DB from client web site.

Also, I was planning to add NetFort SQL for LANGuardian on existing LANGuardian VM. But I am not sure if it allows the inspection of packet and signature tracking and blocking.
Hardware FirewallsSecurityMicrosoft SQL Server 2008

Avatar of undefined
Last Comment

8/22/2022 - Mon