
How to Enable & Configure the IPS


Applies to Platform: UTM 2.4, UTM 2.5, 4i Edge 2.5
Last Update: 15 July 2015

Applies to Platform: UTM 3.0, 4i Edge 3.0, UTM 5.0, 4i Edge 5.0
Last Update: 15 July 2015

This configuration guide illustrates how to enable and set up the IPS engine on the Endian.

Enable the IPS


The first step is to enable the IPS engine by clicking the gray button (it turns green when enabled).

Configure the Settings & Update Ruleset


(1) Enable automatic fetching of updates by checking the box.
(2) Next, select the update schedule (hourly, daily, weekly, monthly). We recommend the default (hourly), as that provides the highest level of security.

Click Save and restart before you proceed.

(3) Finally, update and install the initial ruleset by clicking the Update rules now button.

Note

Once you click the Update rules now button you should see a pop-up dialog box that informs you of the update progress. Please be patient as this can take a little while to complete (especially the first time).

Review & Configure the Rules (by Category)


Next, review the available categories of rules (and the rules themselves) and determine which rules you want deployed in log&pass (IDS, Intrusion Detection System) mode and which in log&block (IPS, Intrusion Prevention System) mode. You can review the categories from the Rules tab of the interface and toggle the mode (pass or block) by clicking the yellow triangle / red shield icon (white triangle / black shield icon, depending on the version). By default all rules are configured in log&pass mode to prevent traffic from being unnecessarily blocked.

Legend - IPS Categories

[Image: ips4.png]

Review and Configure the Rules (Individually)


You may also drill into any given category and review the individual rules it contains by clicking the "Edit" icon (pencil). Once there, you can enable or disable individual rules as well as configure each rule to be either a log&pass or a log&block rule.
