Add a custom IPS signature

  1. Go to Intrusion prevention > Custom IPS signatures and click Add.
  2. Enter a name.
  3. Select a protocol.
  4. Specify a custom rule.

    Example

    keyword: credit score

    content: www.facebook.com

    srcport: 443

  5. Select the severity.

  6. Select the recommended action to take when the firewall finds matching traffic.

    | Name | Description |
    | --- | --- |
    | Allow packet | Allow packet. |
    | Drop packet | Drop packet. |
    | Drop session | Terminate session. Use this setting to prevent an attack. |
    | Reset | Reset session and send TCP reset packet to the originator. |
    | Bypass session | Allow traffic and don't scan it for the rest of the session. Use this setting to allow certain types of traffic. |

  7. Click Save.

    Note

    When you add a new custom IPS signature, the IPS engine is reconfigured without any interruption to service, provided there's enough free RAM for the reconfiguration to succeed. On Sophos Firewall devices with little free RAM, the IPS engine restarts instead, causing a small disruption in service.

Add the signature to a policy rule.