Configuring IPS White list
The device detects the traffic in the network in real time. When a threat is detected, the device generates alarms or blocks threats. With the complexity of the network environment, the threat of the device will generate more and more warning, too much threat to the user can not start making the alarm, and many of them are false positives. By providing IPS whitelist, the system no longer reports alarms or blocks to the whitelist, thus reducing the false alarm rate of threats. The IPS whitelist consists of source address, destination address, and threat ID, and the user selects at least one item for configuration.
To configure an IPS white list :
- Select Object> Intrusion
- Click New.
- Click OK.
|Name||Specifies the white-list name.|
|Type||Select the address type, including IPv4 or IPv6.|
|Source Address||Specifies the source address of the traffic to be matched by IPS.|
|Destination Address||Specifies the destination address of the traffic to be matched by IPS.|
|Next-hop Virtual Router||Select the Next-hop VRouter from the drop-down list.|
|Signature ID||Select the signature ID from the drop-down list. A whitelist can be configured with a maximum of one threat ID. When the threat ID is not set, the traffic can be filtered based on the source and destination IP address. When user have configured threat ID, the source address, destination address and threat ID must be all matched successfully before the packets can be released.|