Manage IPS Rulesets
- Click 'Intrusion Prevention' > 'IPS Rules' in the left-hand menu
- The 'IPS Rules' interface displays a list of currently loaded IPS rulesets for the selected organization or device.
- You can enable/disable rulesets and configure them to allow/block packets as required.
- These
settings will be applied to devices when you choose the 'default'
IPS profile in the 'Content Flow Check' section of a firewall rule.
- See Content Flow Check Settings if you want more advice on this.
To configure IPS Rulesets
- Click 'Intrusion Prevention' > 'IPS Rules'
- Select the organization/device from the drop-down in the title bar
- A default profile applied to an organization will apply to all devices in the organization.
- A default profile applied to an individual device will apply only to the device in question.
IPS Rule List - Column Descriptions |
|
---|---|
Column |
Description |
Rule filename |
The label of the ruleset. |
Rules count |
The number of constituent rules in the rule set. |
Actions |
Displays control buttons for the ruleset. / - Indicates whether the ruleset is enabled or disabled.
/ - Rule action.Can be 'Alert' or 'Drop'.
|
Rulesets can be enabled or disabled individually or collectively:
- Enable a single ruleset - Click the icon in the 'Actions' column
- Disable a single ruleset - Click the icon in the 'Actions' column
- Multiple rulesets - Select rulesets using the check-boxes on the left. Click the 'Enable' or 'Disable' button as required.
Any
changes will be saved to the default profile and immediately applied
to devices on which the profile is active.
Rule actions are the responses you want the firewall to take if the conditions of a rule are met. There are two options:
- Alert Policy - Will allow the packet to pass and will generate an alert. An alert policy is indicated by a yellow triangle in the 'Actions' column -
- Drop Policy - Will block the data packet without generating an alert. A drop policy is indicated by a shield icon in the 'Actions' column -