IDS

Overview


Figure 1.  Enterprise Templates IDS Page

The Enterprise Templates IDS page (Fig. 1) allows you to configure intrusion detection and protection system (IDS/IPS) settings for the selected Enterprise Template.  The IDS/IPS service monitors your network and will either alert you when blacklisted traffic is detected (IDS mode) or automatically drop connections related to blacklisted traffic (IPS mode).

Enable IDS

Choose from three options:  “On,” “Inherit,” or “Off.”

Off

Choose “Off” to explicitly disable IDS/IPS for the selected template.  Mako devices with this template applied will have IDS/IPS disabled (subject to template hierarchy).

Inherit

Choose “Inherit” to inherit IDS/IPS settings from another template instead of specifying them here.

On


Figure 2.  Enterprise Templates IDS Settings

Choose “On” to explicitly enable IDS/IPS for the selected template (Fig. 2).  Mako devices with this template applied will have IDS/IPS enabled and will use the configuration shown (subject to template hierarchy).

Use caution when enabling this feature, as it may impact performance.

IDS Settings

Mode

Choose “Enforcing (IPS)” to use IPS mode, which will automatically drop connections related to blacklisted traffic.

Choose “Reporting (IDS)” to use IDS mode, which will alert you when blacklisted traffic is detected without taking any further action.

Scope

Choose the scope of traffic that the IDS/IPS service will inspect: either all traffic (including Internet, VPN, and Intranet destinations) or only traffic related to Internet and VPN destinations.

Update Frequency

Choose how often Mako devices using the selected template will update their IDS/IPS configuration.

Options include:

  • Auto
  • 1 Hour
  • 8 Hours
  • 12 Hours
  • 1 Day
  • 2 Days
  • 3 Days
  • 1 Week

Profile

Choose the IDS profile that the IDS/IPS service will use to detect blacklisted traffic.

If no IDS profiles are available, click the arrow icon link next to the “Profile” label to visit the IDS Profile page and create a new IDS profile. See the IDS Profile documentation for details.

LANs

Specify which LANs (including VLANs and WLANs) will use the IDS/IPS service.  Enter “ALL” to enable IDS/IPS for all LANs.

To add a LAN to the list, enter its name and click the “+” icon button.  To remove a LAN from the list, click the “-” icon button next to its name.

Save Button

Click the “Save IDS” button to save these IDS/IPS settings for the selected template.
