Firewall config confusion

Posted: Fri Jul 25, 2014 7:03 am
by faris
Right at the top of Firewall section in the ASL config, there are two options:

Enable ASL Network Firewall

and

Enable ASL Network Firewall IPS

On screen it says the default for both is YES, although for 3.x to 4.x upgrades I've done, "Enable ASL Network Firewall IPS" seems to be set to No.

My question is: what is "Enable ASL Network Firewall IPS" supposed to control? My take was that it was for the shunning/blacklisting/ossec/mod_sec side of things. But even on the upgraded systems where it was set to No, shunning still seemed to occur and everything was working as it should. So if it isn't that, what is it?

There doesn't appear to be anything on these options in the wiki (that I could find).

Re: Firewall config confusion

Posted: Fri Jul 25, 2014 12:34 pm
by scott
FW_IPS is a planned feature, currently disabled by default. It is designed to implement packet level IPS for specific classes of network attacks, like heartbleed, or amplification attacks against dns or ntp.

Re: Firewall config confusion

Posted: Fri Jul 25, 2014 12:39 pm
by faris
Is there any harm in setting it to "yes" at the moment? Does it do anything?

Re: Firewall config confusion

Posted: Fri Jul 25, 2014 12:50 pm
by scott
I'd recommend leaving it off unless you can afford to use the system for R&D. The rules are not fully vetted. A rule update will automatically disable the setting.

Re: Firewall config confusion

Posted: Sat Jul 26, 2014 1:15 pm
by faris
ok. Thanks.

I would suggest changing the text in the GUI so that it says "Default: no" rather than "yes" though ;-)