Add a custom IPS signature

  1. Go to Intrusion prevention > Custom IPS signatures and click Add.
  2. Enter a name.
  3. Select a protocol.
  4. Specify a custom rule. 
    keyword:"credit score"
    content:"www.facebook.com"
    srcport:443
  5. Select the severity.
  6. Select the recommended action to take when the firewall finds matching traffic.
    OptionDescription
    Allow packet Allow packet.
    Drop packet Drop packet.
    Drop session Terminate session. Use this setting to prevent an attack.
    Reset Reset session and send TCP reset packet to the originator.
    Bypass session Allow traffic and do not scan traffic for the rest of the session. Use this setting to allow certain types of traffic.
  7. Click Save.
    Note When a new custom IPS signature is added, the IPS engine is reconfigured without any interruption to service, provided there is enough RAM free for the reconfiguration to succeed. For XG firewalls with a low amount of free RAM available, the IPS engine will restart, causing a small disruption in service.

Add the signature to a policy rule.