Configure Intrusion Prevention

To use Intrusion Prevention Service (IPS), you must have a feature key to enable the service.

For more information, see:

Enable IPS and Configure IPS Actions

To enable IPS:

  1. Select Subscription Services > IPS.
    The IPS page appears.

Screen shot of the IPS page, Settings tab

  1. Select the Enable Intrusion Prevention check box.
  2. Select the Scan Mode. You can select one of two modes:

If you have a WatchGuard XTM 21, 22, or 23 device, this feature is not available for your device.

  1. For each threat level, select the action. Available actions are:
  1. For each threat level, to send a log message for an IPS action, select the Log check box.
  2. For each threat level, to trigger an alarm for an IPS action, select the Alarm check box.
  3. Click Save.

If you enable IPS for an HTTPS proxy policy, you must also enable deep inspection of HTTPS content in the HTTPS proxy action, in order for IPS to scan the HTTPS content. For more information, see HTTPS-Proxy: Content Inspection. IPS scanning of HTTPS content is not supported on XTM 21, 22, and 23 devices.

Configure Other IPS Settings

In the IPS Policies section, you can disable or enable IPS for each policy in your configuration. For more information, see Disable or Enable IPS for a Policy.

To configure signature update settings, select the Update Server tab. For more information, see Configure the IPS Update Server.

To add signatures to the exceptions list, select the Signatures tab. For more information, see Configure IPS Exceptions.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base