With IPS policies, you can prevent network attacks using rules.
The firewall enforces the actions specified in the rules and logs the corresponding events. The set of default policies prevents network attacks for several common types of traffic. You can create custom policies with rules that meet your traffic requirements.
- To add a policy, click Add and type a name. Then, you can clone the rules from an existing policy.
- To add rules to a policy, click Edit for the policy you want to edit and click Add.
IPS policy rules
Rules specify signatures and an action. The firewall matches signatures with traffic patterns and takes the action specified in the rule. The action specified for the rule overrides the action recommended by the signature.
Signatures identify threats and specify a recommended action to take when the firewall encounters matching traffic. Signatures are specific to applications, services, or platforms. The firewall includes predefined signatures and you also can create custom signatures.
SID: ID of the IPS signature.
Category: Category of IPS signature.
Severity: Degree of threat severity.
Platform: Signatures that apply to specific platforms (for example, Microsoft Windows).
Target: Client or server-based signatures.
Recommended action: Action recommended by the firewall when traffic matches the signature.