This topic is ONLY relevant to security gateways. It is NOT relevant to managed switches.
Overview
The IDS page (Fig. 1) allows you to enable intrusion detection and prevention systems (IDS/IPS) and to apply IDS profiles (sets of IDS rules) to the selected Mako. This service will either alert you when blacklisted traffic is detected (IDS mode) or automatically drop connections related to blacklisted traffic (IPS mode).
IDS Setup Form
The IDS Setup form (Fig. 1) allows you to enable or disable IDS/IPS. You have three options from which to choose: “On,” “Inherit,” and “Off.”
Enable IDS: On
To explicitly enable IDS/IPS for the selected Mako, choose the “On” option, configure the settings that display, then click the “Save” button (Fig. 2).
Use caution when enabling this feature, as it may impact performance.
Choosing the “On” option makes the following fields available:
Mode
Choose either “Enforcing (IPS)” or “Reporting (IDS)” mode for the IDS/IPS service. IDS mode will alert you when blacklisted traffic is detected without taking any further action. IPS mode will automatically drop connections related to blacklisted traffic.
Scope
Choose the scope of traffic that the IDS/IPS service will inspect: either all traffic (including Internet, VPN, and Intranet destinations) or only traffic related to Internet and VPN destinations.
Update Frequency
Choose how often the IDS profile is updated and rebuilt with the latest IDS rules. This can be set from every hour to every week, depending on your needs.
Profile
Choose the IDS profile that the IDS/IPS service will use to detect blacklisted traffic. If no IDS profiles are available, click the yellow arrow icon link next to the “Profile” label to visit the IDS Select page and create a new IDS profile. See the IDS Select documentation for details.
LANs
Specify which LANs (including VLANs and WLANs) are monitored and/or protected by the IDS/IPS service. To enable IDS/IPS activity for a specific LAN, click the gray checkmark icon or the red stop sign icon. To disable IDS/IPS activity for a specific LAN, click the gray stop sign icon or the green checkmark icon.
Enable IDS: Inherit
Setting the IDS/IPS feature to the “Inherit” option (Fig. 3) will enable or disable the feature based on the Enterprise Template(s) applied to the selected Mako. If any Enterprise Template applied to the selected Mako has IDS/IPS enabled, then IDS/IPS will be enabled. Otherwise, it will be disabled.
Enable IDS: Off
To explicitly disable IDS/IPS for the selected Mako, choose the “Off” option, then click the “Save” button (Fig. 4). This is the default setting for the IDS/IPS feature.
Save Button
To save any changes you have made here, click the “Save” button.