Add rules to a policy

Rules specify signatures and an action. You can select default or custom signatures. The firewall matches signatures with traffic patterns and takes the action specified in the rule. The firewall evaluates rules from top to bottom.

  1. Go to Intrusion prevention > IPS policies and click Edit for the policy you want to edit.
  2. Click Add.
  3. Enter a name.
  4. Select the signatures.

    • Click Select all.
    • Click Select individual signature and select the signatures.

    You can filter signatures based on category, severity, platform, and target. To sort based on search terms, click Select all, type a term in the smart filter, and press Enter.

    For details about the categories of rules, see Explanation of rules.

  5. Click Custom signature and select the signatures.

  6. Select the action to take when the firewall finds matching traffic for the signatures in the rule. For packet-based actions, the firewall checks each packet. For session-based actions, it checks until it finds the first matching packet.

    Note

    The action specified for the rule overrides the action recommended by the signature.

    | Name | Description |
    |------|-------------|
    | Recommended | Default action specified for each signature. |
    | Allow packet | Allow packet. The firewall logs the event when it allows the packets. |
    | Drop packet | Drop packet. |
    | Disable | Disable signature. Use this setting to prevent false positives. |
    | Drop session | Terminate session. Use this setting to prevent an attack. |
    | Reset | Reset session and send TCP reset packet to the originator. |
    | Bypass session | Allow traffic and don't scan it for the rest of the session. Use this setting to allow certain types of traffic. |

  7. Click Save.

For the policy to take effect, add it to a firewall rule.
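
Because rules are evaluated from top to bottom and the rule's action overrides the signature's recommended one, a permissive rule placed high in the policy can cancel a blocking rule below it. The following sketch is an added example, not Sophos code or a Sophos API, for reviewing a planned rule order offline. It assumes the first rule that lists a signature decides its action; the signature IDs, defaults and rule names are constructed.

```python
# Added illustration: models rule order for review; not Sophos code or a Sophos API.
# Assumption: the first rule from the top that lists a signature decides its action.
BLOCKING = {"Drop packet", "Drop session", "Reset"}

def resolve(rule, sig, recommended):
    """Rule action overrides the signature's; 'Recommended' defers to its default."""
    return recommended[sig] if rule["action"] == "Recommended" else rule["action"]

def effective_actions(rules, recommended):
    """Map each signature to (rule name, action) taken from the first rule listing it."""
    decided = {}
    for rule in rules:  # top to bottom
        for sig in rule["signatures"]:
            decided.setdefault(sig, (rule["name"], resolve(rule, sig, recommended)))
    return decided

def shadowed_blocks(rules, recommended):
    """Find lower rules that would block a signature an earlier rule lets through."""
    decided = effective_actions(rules, recommended)
    findings = []
    for rule in rules:
        for sig in rule["signatures"]:
            winner, action = decided[sig]
            wanted = resolve(rule, sig, recommended)
            if winner != rule["name"] and wanted in BLOCKING and action not in BLOCKING:
                findings.append((sig, rule["name"], wanted, winner, action))
    return findings

# Constructed sample data: signature IDs, defaults and rule names are made up.
RECOMMENDED = {
    "SIG-1001": "Drop packet", "SIG-1002": "Drop packet", "SIG-1003": "Allow packet",
    "SIG-1004": "Drop packet", "SIG-1005": "Allow packet",
}
POLICY = [
    {"name": "allow-backup", "signatures": ["SIG-1001", "SIG-1002"], "action": "Bypass session"},
    {"name": "quiet-fp", "signatures": ["SIG-1003"], "action": "Disable"},
    {"name": "block-critical", "signatures": ["SIG-1001", "SIG-1003", "SIG-1004"], "action": "Drop session"},
    {"name": "defaults", "signatures": ["SIG-1002", "SIG-1005"], "action": "Recommended"},
]

if __name__ == "__main__":
    for sig, (rule, action) in sorted(effective_actions(POLICY, RECOMMENDED).items()):
        print(f"{sig}: {action} (from rule '{rule}')")
    for sig, rule, wanted, winner, action in shadowed_blocks(POLICY, RECOMMENDED):
        print(f"REVIEW {sig}: '{rule}' wants {wanted}, but '{winner}' above applies {action}")
```

Each REVIEW line names a signature that a lower rule intends to block while a Disable, Allow packet or Bypass session rule above it takes precedence under the stated assumption.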