This is a 2 Part Question
We Have Multiple Locations with a Mix of MX-100 and MX-64 and MX-65 and a handfull of z-1 and z-3's
We have a third Party IDS/IPS System ahead of our 2 main MX-100's
We keep firmware up to date and have both AMP Enabled as well Intrusion Detection and Prevention Enabled
In Prevention Mode using Security Rule Set
We use Client VPN to 2 of The Main Sites Sites as well as Site to Site VPN for Branch Connectivity
Question 1
We are preparing for Perimeter Vulnerability Assessment to be conducted by auditing firm, And we whitelist the source IP of the Scanning System in the External IDS system but am wondering if I need to make any changes to my Appliances for this scan? I know the there are some older articles that recommended Disabling IPS or Changing it to detection set to logging. Most posts I have seen are older and I am not seeing anything current.
What is Current Policy or Practice since Whitelisting by IP is not supported.
I / We want to prevent and lockups or other issues that were reported in the past.
Question 2
Auditors will also be doing aninternal scan. I/We do scan using (Nessus Pro) and we scan all Subnets / VLANs that are reachable via VPN and DMZ of Main Site Most sites have up to 3 VLANS (VOIP Data Security (Alarm And Video)
I have had a couple issues in the past doing internal scans myself but could never prove the scan was the cause of the issue especially after I told Nessus to skip sensitive devices
Are there any know issues related to an Internal Scan?
Auditors also suggest I whitelist these for internal scan as well?
Thanks to all in advance
Au
