ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
5-48
Firewall Protection
v1.0, September 2009
When you enable the IPS, the default IPS configuration goes into effect. The default IPS
configuration is the configuration that the Advanced (IPS) screen returns to when you click the
Reset button. To modify the default IPS configuration:
1. Select Network Security > IPS from the menu. The IPS submenu tabs appear, with the Global (IPS) screen in view (see Figure 5-30 on page 5-47).
2. From the IPS submenu tabs, click Advanced. The Advanced (IPS) screen displays (see Figure 5-31 on page 5-49). This screen displays sections for the different categories of attacks, such as Web, Mail, Databases, and so on.
3. In the Enabled column for each section, either select individual attacks by selecting the checkboxes to the left of the names, or select all attacks for that category by selecting the checkbox to the left of “All web attacks.”
4. In the Action column for each section, either select the actions for individual attacks by making selections from the pull-down menus to the right of the names, or select a global action for all attacks for that category by making a selection from the pull-down menu to the right of “All web attacks.” Some of the less familiar Web and miscellaneous attacks are explained in Table 5-11 on page 5-50.
   The pull-down menus let you select one of the following actions:
   • Alert. When an attack occurs, an alert is logged but the traffic that carries the attack is not dropped.
   • Drop. The traffic that carries the attack is dropped and an alert is logged.
5. Click Apply to save your settings.
Note: Traffic that passes on the UTM’s VLANs and on the secondary IP addresses that you have configured on the LAN Multi-homing screen (see “Configuring Multi-Home LAN IPs on the Default VLAN” on page 4-11) is also scanned by the IPS.
Note: To ensure that alerts are emailed to an administrator, you must configure the e-mail notification server (see “Configuring the E-mail Notification Server” on page 11-5) and the IPS alerts (see “Configuring and Activating Update Failure and Attack Alerts” on page 11-10).