Contents

Related Topics

Configure Intrusion Prevention

To use Intrusion Prevention Service (IPS), you must have a feature key to enable the service.

For more information, see:

IPS Scan Modes and Actions

IPS has two scan modes

  • Full Scan — Scan all packets for policies that have IPS enabled.
  • Fast Scan — Scan fewer packets to improve performance. This option greatly improves the throughput for scanned traffic, but does not provide the comprehensive coverage of Full Scan mode. This is the recommended scan mode for Firebox T10, T30, T50 and all XTM models.

IPS categorizes IPS signatures into five threat levels, based on severity. For each threat level you can select one of these actions:

  • Allow — Allows the connection.
  • Drop — Denies the request and drops the connection. No information is sent to the source of the content.
  • Block — Denies the request, drops the connection, and adds the IP address of the content source to the Blocked Sites list. If the content that matches an IPS signature came from a client, the client IP address is added to the Blocked Sites list. If the content came from a server, the server IP address is added to the Blocked Sites list.

Enable and Configure IPS

If your Firebox has an active IPS subscription, the Web Setup Wizard and Quick Setup Wizard automatically enable IPS with recommended settings. For more information, see Setup Wizard Default Policies and Settings.

If IPS was not automatically enabled, you can enable it in Fireware Web UI or Policy Manager.

If you enable IPS for an HTTPS proxy policy, you must also enable Content Inspection in the HTTPS proxy action, in order for IPS to scan the HTTPS content. For more information, see HTTPS-Proxy: Content Inspection. IPS scanning of HTTPS content is not supported on XTM 21, 22, and 23 devices.

Configure Other IPS Settings

Make sure that you enable automatic updates of IPS signatures to keep your signatures current.

Give Us Feedback     Get Support     All Product Documentation     Technical Search