Link to home
Create AccountLog in
Avatar of pchettri
pchettri

asked on

Watchguard M400

I have got IPS enabled and denied on most accept information. I have packet filtering policy with IPS enabled for all server including SQL.

I have SQL monitoring agent that looks for trigger words/code in the URL the user is submitting and it has been sending email alert for Possible SQL injection from URL, Trigger - @@, Time and IP - 208.x.x.x.

We have client website manged by us that send query to our SQL server. It looks  bot probing us to see if we have sql injection vulnerabilities. I don't see threat on Watchguard blocked list.
What kind of configuration on watchguard ensures better security against such threat. When I called watchguard they said to enable proxy based policy for that SQL server on HTTP. If I do that would it block genuine request to DB from client web site.

Also, I was planning to add NetFort SQL for LANGuardian on existing LANGuardian VM. But I am not sure if it allows the inspection of packet and signature tracking and blocking.
ASKER CERTIFIED SOLUTION
Avatar of gheist
gheist
Flag of Belgium image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer