Configure IPS Exceptions

When you enable the IPS feature, the XTM device examines traffic to look for patterns of traffic that match the signatures of known intrusions. When an IPS signature match occurs, the XTM device denies the content and the intrusion is blocked. If you want to allow traffic that is blocked by an IPS signature, you can find the identification number for the signature (the signature ID) and add the signature ID to the IPS exception list.

Find the IPS Signature ID

When the XTM device blocks a connection based on a match with an IPS signature, the signature ID appears in the log file if you have enabled logging for IPS. To see which IPS signature blocked the connection, look in the log file for the IPS signature ID number. If a connection that you want to allow is blocked by an IPS signature, use the signature ID to add an IPS exception to allow that connection.

On the Signatures tab, you can look up the IPS signature ID to see information about the threat a signature ID represents. For more information about how to look up an IPS signature, see Show IPS Signature Information.

Add an IPS Signature Exception

To add an IPS signature exception:

  1. Select Subscription Services > IPS.
    The IPS configuration page appears.
  2. Select the Exceptions tab.
    The list of IPS signature exceptions appears.
  3. Click Add.
    The Add Exception dialog box appears.

Screen shot of the Signature Exceptions dialog box

  1. In the ID text box, type the ID of the IPS signature you want to add.
  2. From the Action drop-down list, select the action you want IPS to take for this signature. The available actions are:
  1. Select the Log check box if you want to send a log message for this IPS exception.
  2. Select the Alarm check box if you want to send an alarm for this IPS exception.
  3. Click OK.
    The exception is added to the Signature Exceptions list.

Screen shot of the IPS Exceptions tab

  1. Click Save

To edit the settings for an exception, select the exception and click Edit.

To remove an exception, select the exception and click Remove.

See Also

Configure Intrusion Prevention

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base