Show IPS Signature Information
On the Signatures tab of the Intrusion Prevention Service configuration, you can see information about the IPS signatures. You can filter and sort the signature list, and you can see details about individual signatures. You can also add a signature to the IPS exceptions list from this tab.
The list of IPS signatures shows this information:
- The Signature ID is the ID that appears in the log file when content is blocked by this signature
- The Category is the type of threat
- The Threat Level indicates the severity of the threat
- The Description column contains a short description of the threat
From Fireware Web UI you can also look up the signature in the WatchGuard Security Portal, and add a signature to the IPS Exceptions list.
For more information about the Security Portal, see Look Up IPS Signatures on the Security Portal.
See IPS Signatures
- Select Subscription Services > Intrusion Prevention Service.
The IPS configuration page opens.
- Select the Signatures tab.
The signature list may take several seconds to show.
- Double-click a signature name to see more information about the signature.
- Click the link in the More Information section to look up the signature on the WatchGuard Security Portal. You can also click the Signature ID on the Signatures tab to look up the signature in the Security Portal.
- Open Firebox System Manager.
- Select the Subscription Services tab.
- In the Intrusion Prevention section, click Show.
The Intrusion Prevention Signatures dialog box opens.
Search, Sort and Filter the IPS Signatures
To search for signatures that contain a specific word or ID number, type the text to search for in the Search text box.
To sort the IPS signatures by Signature ID, Name, Category, or Threat Level, click one of the column headings.
In Fireware Web UI, you can filter the signature list by signature category or threat level.
- To filter the signature list by category, from the Category drop-down list, select the category.
- To filter the signature list by threat level, from the Threat Level drop-down list, select the threat level.
Add an IPS Exception
From Fireware Web UI, you can add a signature to the IPS Exceptions list directly from the IPS signatures list.
- Select a signature in the Signatures list.
- Click Add Exception.
The Signature Exceptions dialog box opens. The ID text box shows the ID of the signature you want to add.
- Select the Action, Log, and Alarm settings for this exception.
- Click OK.
The signature exception is added to the Exceptions tab.
You cannot add an exception from Firebox System Manager. You must open Policy Manager and add the signature ID to the IPS Exceptions list in Policy Manager. For more information, see Configure IPS Exceptions.