Show IPS Signature Information

On the Signatures tab of the Intrusion Prevention Service configuration, you can see information about the IPS signatures. You can filter and sort the signature list, and you can see details about individual signatures. You can also add a signature to the IPS exceptions list from this tab.

The list of IPS signatures shows this information:

  • The Signature ID is the ID that appears in the log file when content is blocked by this signature
  • The Category is the type of threat
  • The Threat Level indicates the severity of the threat
  • The Description column contains a short description of the threat

You can search and sort the list to find signatures in Fireware Web UI and Firebox System Manager.

From Fireware Web UI you can also look up the signature in the WatchGuard Security Portal, and add a signature to the IPS Exceptions list.

For more information about the Security Portal, see Look Up IPS Signatures on the Security Portal.

See IPS Signatures

Search, Sort and Filter the IPS Signatures

To search for signatures that contain a specific word or ID number, type the text to search for in the Search text box.

To sort the IPS signatures by Signature ID, Name, Category, or Threat Level, click one of the column headings.

In Fireware Web UI, you can filter the signature list by signature category or threat level.

  • To filter the signature list by category, from the Category drop-down list, select the category.
  • To filter the signature list by threat level, from the Threat Level drop-down list, select the threat level.

Add an IPS Exception

From Fireware Web UI, you can add a signature to the IPS Exceptions list directly from the IPS signatures list.

  1. Select a signature in the Signatures list.
  2. Click Add Exception.
    The Signature Exceptions dialog box opens. The ID text box shows the ID of the signature you want to add.

Screen shot of the Signature Exceptions dialog box

  1. Select the Action, Log, and Alarm settings for this exception.
  2. Click OK.
    The signature exception is added to the Exceptions tab.

You cannot add an exception from Firebox System Manager. You must open Policy Manager and add the signature ID to the IPS Exceptions list in Policy Manager. For more information, see Configure IPS Exceptions.

See Also

About Intrusion Prevention Service