Hi all, quick security best practice question. Does it make sense to have Zone Protection Profiles applied to VPN Zones? If the profiles are on my untrust and trust, it should cover the vpn traffic since it physically goes through those right?
ZPP on every zone. ZPP does basic TCP and ICMP protections you REALLY want.
I would apply ZPP on VPN zones, especially if these are VPN’s to untrusted locations/sites that you don’t have control over. Keep in mind that ZPP is applying more than just things like flood protection; there are protocol specific protections that the underlying zone/interface (untrust) won’t have a view into because the traffic is encrypted at that point in time.
Yup. I typically use the same one for all VPNs unless one specifically acts a fool.