I have got IPS enabled and denied on most except information. I have a packet filtering policy with IPS enabled for all servers, including SQL.
I have a SQL monitoring agent that looks for trigger words/code in the URL the user is submitting, and it has been sending email alerts for "Possible SQL injection from URL, Trigger - @@, Time and IP - 208.x.x.x".
We have a client website managed by us that sends queries to our SQL server. It looks like a bot is probing us to see if we have SQL injection vulnerabilities. I don't see the threat on the WatchGuard blocked list.
What kind of configuration on WatchGuard ensures better security against such a threat? When I called WatchGuard, they said to enable a proxy-based policy for that SQL server on HTTP. If I do that, would it block genuine requests to the DB from the client website?
Also, I was planning to add NetFort SQL for LANGuardian on the existing LANGuardian VM, but I am not sure if it allows the inspection of packets and signature tracking and blocking.