Add rules to a policy
Rules specify signatures and an action. You can select default or custom signatures. The firewall matches signatures with traffic patterns and takes the action specified in the rule. The firewall evaluates rules from top to bottom.
- Go to Intrusion prevention > IPS policies and click Edit for the policy you want to edit.
- Click Add.
- Enter a name.
- Select the signatures.
  - Click Select all.
  - Click Select individual signature and select the signatures.

  You can filter signatures based on category, severity, platform, and target. To sort based on search terms, click Select all, type a term in the smart filter, and press Enter.
- Click Custom signature and select the signatures.
- Select the action to take when the firewall finds matching traffic for the signatures in the rule. For packet-based actions, the firewall checks each packet. For session-based actions, it checks until it finds the first matching packet.

  Note
  The action specified for the rule overrides the action recommended by the signature.

  | Name | Description |
  | --- | --- |
  | Recommended | Default action specified for each signature. |
  | Allow packet | Allow packet. The firewall logs the event when it allows the packets. |
  | Drop packet | Drop packet. |
  | Disable | Disable signature. Use this setting to prevent false positives. |
  | Drop session | Terminate session. Use this setting to prevent an attack. |
  | Reset | Reset session and send TCP reset packet to the originator. |
  | Bypass session | Allow traffic and don't scan it for the rest of the session. Use this setting to allow certain types of traffic. |
- Click Save.
For the policy to take effect, add it to a firewall rule.
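
Because rules are evaluated from top to bottom and the rule's action overrides the signature's recommended action, a permissive rule placed above a blocking rule can leave a signature unenforced. The following Python model is an added example, not Sophos code or a Sophos API. It assumes the first rule that selects a signature decides its action, and all rule and signature names are constructed.

```python
# Added illustration, not Sophos code. Assumption: the first rule, top to
# bottom, that selects a signature decides the action for that signature.
from dataclasses import dataclass

PERMISSIVE = {"Allow packet", "Disable", "Bypass session"}
BLOCKING = {"Drop packet", "Drop session", "Reset"}

@dataclass(frozen=True)
class Signature:
    name: str         # constructed sample name, not a real signature
    recommended: str  # action recommended by the signature

@dataclass(frozen=True)
class Rule:
    name: str
    signatures: frozenset  # signature names selected in the rule
    action: str            # "Recommended" or an action from the table

def effective_action(sig, rules):
    """Return (rule name, action) from the first rule that selects sig."""
    for rule in rules:  # top to bottom
        if sig.name in rule.signatures:
            # Rule action overrides the signature's recommended action.
            action = sig.recommended if rule.action == "Recommended" else rule.action
            return rule.name, action
    return None, None  # no rule in the policy selects this signature

def shadowed_blocks(sigs, rules):
    """Find signatures an earlier rule permits but a later rule would block."""
    findings = []
    for sig in sigs:
        winner, action = effective_action(sig, rules)
        if action not in PERMISSIVE:
            continue
        position = [r.name for r in rules].index(winner)
        for rule in rules[position + 1:]:
            _, would = effective_action(sig, [rule])
            if would in BLOCKING:
                findings.append((sig.name, winner, action, rule.name, would))
                break
    return findings

# Constructed sample policy
SIGS = [Signature("sample-sqli", "Drop packet"),
        Signature("sample-rce", "Drop session"),
        Signature("sample-scan", "Allow packet")]
RULES = [Rule("tune-false-positives", frozenset({"sample-sqli"}), "Disable"),
         Rule("block-critical", frozenset({"sample-sqli", "sample-rce"}), "Drop session"),
         Rule("everything-else", frozenset(s.name for s in SIGS), "Recommended")]
```

Calling `shadowed_blocks(SIGS, RULES)` reports `sample-sqli`: the `Disable` rule at the top wins, so the `Drop session` rule below it never applies to that signature.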