On the Network Protection > Intrusion Prevention > Global tab you can activate the Intrusion Prevention System (IPS) of Sophos UTM.
To enable IPS, proceed as follows:
Enable the intrusion prevention system.
Click the toggle switch.
The toggle switch turns amber and the Global IPS Settings area becomes editable.
Make the following settings:
Local networks: Add or select the networks that should be protected by the intrusion prevention system. If no local network is selected, intrusion prevention will automatically be deactivated and no traffic is monitored. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Policy: Select the security policy that the intrusion prevention system should use if a blocking rule detects an IPS attack signature.
Note – By default, Drop silently is selected. There is usually no need to change this, especially as terminating data packets can be used by an alleged intruder to draw conclusions about the gateway.
Restart policy: Select the policy for connection handling when an IPS engine restart is required, for example when the engine is updated.
Your settings will be saved.
The toggle switch turns green.
Cross Reference – Find information about configuring IPS in the Sophos Knowledge Base.
The intrusion prevention live log can be used to monitor the selected IPS rules. Click the button to open the live log in a new window.
|© 2019 Sophos Limited
|Sophos UTM 9.600