Add rules to a policy

Rules specify signatures and an action. You can select default or custom signatures. The firewall matches signatures with traffic patterns and takes the action specified in the rule. The firewall evaluates rules from top to bottom.

  1. Go to Intrusion prevention > IPS policies and click the edit icon for the policy you want to edit.
  2. Click Add.
  3. Enter a name.
  4. Select the signatures.
    • Click Select all.
    • Click Select individual signature and select the signatures.
    You can filter signatures based on category, severity, platform, and target. To sort based on search terms, click Select all, type a term in the smart filter, and press Enter.
  5. (Optional) Click Custom signature and select the signatures.
  6. Select the action to take when the firewall finds matching traffic for the signatures in the rule.
    For packet-based actions, the firewall checks each packet. For session-based actions, it checks until it finds the first matching packet.
    Note: The action specified for the rule overrides the action recommended by the signature.

    Option            Description
    Recommended       Default action specified for each signature.
    Allow packet      Allow packet.
    Drop packet       Drop packet.
    Disable           Disable signature. Use this setting to prevent false positives.
    Drop session      Terminate session. Use this setting to prevent an attack.
    Reset             Reset session and send TCP reset packet to the originator.
    Bypass session    Allow traffic and do not scan traffic for the rest of the session. Use this setting to allow certain types of traffic.
  7. Click Save.

For the policy to take effect, add it to a firewall rule.