Show IPS Signature Information
When the Firebox denies content based on a match with an IPS signature, the signature ID appears in the log file. To see more information about the signature ID that blocked the content, you can look up the IPS signature ID number in Firebox System Manager. Or, you can search for more signature details on the WatchGuard IPS Security Portal.
Find IPS Signature Information in Firebox System Manager
To look up information about an IPS signature:
- Open Firebox System Manager.
- Select the Subscription Services tab.
- In the Intrusion Prevention section, click Show.
The Intrusion Prevention Signatures dialog box appears.
The Intrusion Prevention Signatures dialog box shows all signatures, sorted by signature ID.
- The Signature ID is the ID that appears in the log file when content is blocked by this signature.
- The Category is the type of threat.
- The Threat Level indicates the severity of the threat.
- The Description column contains a short description of the threat.
- To search for signatures that contain a specific word or signature ID, type the text to search for in the Find text box. Click Search.
The signatures that match your search are highlighted in the list.
If a connection that you want to allow is blocked by an IPS signature, you can use the signature ID to add an IPS exception.
The threat levels are the same five threat levels you see in the IPS configuration. For information about how to change the action for each threat level, see Configure Intrusion Prevention.
You can also look up information about an IPS signature on the WatchGuard IPS Security Portal. For more information, see Look Up IPS Signatures on the Security Portal