Configuring IPS

This chapter includes the following sections:

  • Preparation for configuring IPS function
  • Configuring IPS function

Preparation

Before enabling IPS, make the following preparations:

  1. Make sure your system version supports IPS.
  2. Import an Intrusion Prevention System (IPS) license and reboot. IPS is enabled after the reboot.
 Except on M8860/M8260/M7860/M7360/M7260, enabling IPS decreases the maximum number of concurrent sessions by half.

Configuring IPS Function

The IPS configurations are based on security zones or policies.

  • To perform the IPS function on the HTTPS traffic, see the policy-based IPS.

To realize the zone-based IPS, take the following steps:

  1. Create a zone. For more information, refer to Security Zone.
  2. In the Zone Configuration page, expand Threat Protection.
  3. Enable the IPS you need and select an IPS rule from the profile drop-down list below, or you can click from the profile drop-down list below. To create an IPS rule, see Configuring_an_IPS_Rule.
  4. Click a direction (Inbound, Outbound, Bi-direction). The IPS rule will be applied to the traffic that matches the specified security zone and direction.

To realize the policy-based IPS, take the following steps:

  1. Create a policy rule. For more information, refer to Security Policy.
  2. In the Policy Configuration page, expand Protection.
  3. Click the Enable button of IPS. Then select an IPS rule from the Profile drop-down list, or you can click from the Profile drop-down list to create an IPS rule. For more information, see Configuring_an_IPS_Rule.
  4. To perform the IPS function on HTTPS traffic, enable the SSL proxy function for the security policy rule specified above. The system decrypts the HTTPS traffic according to the SSL proxy profile and then performs the IPS function on the decrypted traffic.
  5. Click OK to save the settings.

Configuring an IPS Rule

The system has three default IPS rules: predef_default, predef_loose, and predef_critical.

  • The predef_default rule includes all the IPS signatures and its default action is reset.
  • The predef_loose rule includes all the IPS signatures and its default action is log only.
  • The predef_critical rule includes all the IPS signatures with high severity and its default action is log only.
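The following added example (not vendor code) checks a hand-written inventory of IPS bindings against the points stated above: which predefined rules only log, which check only high severity signatures, and where HTTPS traffic goes uninspected because IPS is zone-based or the policy rule has no SSL proxy. The inventory format, its field names, and the binding names are assumptions made for this example; the device does not export this format.

```python
# Predefined IPS rules and their default actions, as listed on this page.
PREDEFINED = {
    "predef_default": {"signatures": "all", "action": "reset"},
    "predef_loose": {"signatures": "all", "action": "log only"},
    "predef_critical": {"signatures": "high severity", "action": "log only"},
}

def audit_bindings(bindings):
    """Return (binding name, finding) pairs for IPS coverage gaps."""
    findings = []
    for b in bindings:
        name = b["name"]
        if not b.get("ips_enabled"):
            findings.append((name, "IPS not enabled"))
            continue
        profile = PREDEFINED.get(b["profile"])
        if profile is None:
            findings.append((name, "custom rule: review its actions by hand"))
        else:
            if profile["action"] == "log only":
                findings.append((name, "default action is log only, not reset"))
            if profile["signatures"] != "all":
                findings.append((name, "only high severity signatures are checked"))
        # The page directs HTTPS inspection to policy-based IPS with SSL proxy.
        if b.get("carries_https"):
            if b["kind"] == "zone":
                findings.append((name, "HTTPS needs policy-based IPS"))
            elif not b.get("ssl_proxy"):
                findings.append((name, "HTTPS not decrypted: enable SSL proxy"))
    return findings

# Constructed sample inventory (hypothetical names, transcribed by hand).
SAMPLE = [
    {"name": "zone:dmz", "kind": "zone", "ips_enabled": True,
     "profile": "predef_default", "carries_https": True},
    {"name": "policy:web-in", "kind": "policy", "ips_enabled": True,
     "profile": "predef_loose", "carries_https": True, "ssl_proxy": False},
    {"name": "policy:web-out", "kind": "policy", "ips_enabled": True,
     "profile": "predef_default", "carries_https": True, "ssl_proxy": True},
    {"name": "policy:mail", "kind": "policy", "ips_enabled": True,
     "profile": "predef_critical", "carries_https": False},
]

if __name__ == "__main__":
    for name, finding in audit_bindings(SAMPLE):
        print(f"{name}: {finding}")
```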

To configure an IPS rule, take the following steps:

  1. Select Object > Intrusion Prevention System > Profile.
  2. Click New to create a new IPS rule. To edit an existing one, select the check box of this rule and then click Edit. To view it, click the name of this rule.
  3. Type the name into the Rule name box.
  4. According to your requirements, click the Enable button of Global Packet Capture to capture packets.
  5. Type the description information into the Description text box.
  6. In the Signature Set area, the existing signature sets and their settings will be displayed in the table. Select the desired signature sets. You can also manage the signature sets, including New, Edit, and Delete.
  7. Click OK to complete signature set configurations.
  8. In the Disabled Signature area, the signatures that are disabled in the template will be shown. Select one or more signatures, and then click the Enable button to re-enable them.
  9. In the Protocol Configuration area, click . The protocol configurations specify the requirements that the protocol part of the traffic must meet. If the protocol part contains abnormal contents, system will process the traffic according to the action configuration. System supports the configurations of HTTP, DNS, FTP, MSRPC, POP3, SMTP, SUNRPC, and Telnet.
  10. Click Save to complete the protocol configurations.
  11. Click OK to complete the IPS rule configurations.

Cloning an IPS Rule

System supports the rapid cloning of an IPS rule. The user can generate a new IPS rule by modifying some parameters of the cloned IPS rule.

To clone an IPS rule, take the following steps:

  1. Select Object > Intrusion Prevention System > Profile.
  2. Select an IPS rule in the list.
  3. Click Clone above the list. The Name configuration box will appear below the button; enter the name of the cloned IPS rule.
  4. A cloned IPS rule will be generated in the list.