After saving and deploying the policy to the sensor, I am still seeing the attack show up on my dashboard and analyzer several hours later, so I am thinking that the rule is NOT working. The syslog does not show any entries either
The sensor is software version: 18.104.22.168 Signature Set 22.214.171.124
The rule as follows
Thanks for the advice on the sensor edge facing. I do have it this way to at least be able to see the attacks on my public facing IP addresses, its reported better than my CheckPoint firewall provides. Also my firewalls are virtual, so it makes it a bit harder to configure the interfaces on the internal trusted side. I'll keep it in mind though for a reconfiguration.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.