You can use Intrusion Prevention System (IPS) policies to stop unwanted activity on your internal network, such as zero-day or DDoS attacks.
To help inform how you manage your Firewall, for example, to block traffic using the source IP address, you can:
- Get Intrusion System Monitor alerts.
- View the information collected using the IPS logs.
Important
- IPS only prevents activity for internal network traffic managed by a Port forwards rule where the IPS checkbox is selected.
- Many potential alerts and log variations may be generated. Smoothwall Support won’t interpret these messages or advise on what actions to take.
Before you begin
- Check the built-in Intrusion policies and set up custom Intrusion policies if needed.
- Decide whether to log IPS data for the IPS logs:
- Go to Services > Intrusion system > Signatures.
- Select the Use syslog for Intrusion logging checkbox.
- Select Save.
Turn IPS on or off
To turn IPS off, remove all the IPS policies.
Create an IPS policy
- Go to Services > Intrusion system > IPS.
- For IPS Policy, select a policy.
- (Optional) Enter a Comment.
- Ensure Enabled is selected.
- Select Add.
Edit IPS polices
To edit a policy:
- Select the checkbox in the Mark column.
- Select Edit.
- Change any fields as needed.
- Select Add.
To have the policy not apply, but keep it in the list:
- Select the checkbox in the Mark column.
- Select Edit.
- Clear the Enabled checkbox.
- Select Add.
Delete IPS policies
To delete one or more policies:
- Select the checkboxes in the Mark column.
- Select Remove.