Add a custom IPS signature
- Go to Intrusion prevention > Custom IPS signatures and click Add.
- Enter a name.
- Select a protocol.
Specify a custom rule.
Select the severity.
Select the recommended action to take when the firewall finds matching traffic.
Name Description Allow packet Allow packet. Drop packet Drop packet. Drop session Terminate session. Use this setting to prevent an attack. Reset Reset session and send TCP reset packet to the originator. Bypass session Allow traffic and don't scan it for the rest of the session. Use this setting to allow certain types of traffic.
When a new custom IPS signature is added, the IPS engine is reconfigured without any interruption to service, provided there's enough RAM free for the reconfiguration to succeed. For Sophos Firewall devices with a low amount of free RAM available, the IPS engine will restart, causing a small disruption in service.
Add the signature to a policy rule.