Firewall Protection
178
ProSecure Unified Threat Management (UTM) Appliance
Use the Intrusion Prevention System
The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in
real time, distributed denial-of-service (DDoS) attacks, network attacks, and port scans, and
to protect your network from such intrusions. You can set up alerts, block source IP
addresses from which port scans are initiated, and drop traffic that carries attacks. You can
configure detection of and protection from specific attacks such as web, email, database,
malware, and other attacks. The IPS differs from the malware scan mechanism (see
Configure Web Malware Scans on page 202) in that it monitors individual packets, whereas
the malware scan mechanism monitors files.
The IPS also allows you to configure port scan detection to adjust it to your needs and to
protect the network from unwanted port scans that could compromise the network security.
The IPS is disabled by default.
 To enable intrusion prevention:
1. Select Network Security > IPS. The IPS screen displays (see Figure 104 on page 180
and Figure 105 on page 181).
2. To enable the IPS, select the Yes radio button in the IPS section of the screen. The default
setting is No.
3. Click Apply to save your settings.
Note: When you enable the IPS, the default IPS configuration goes into
effect. The default IPS configuration is the configuration that the IPS
screen returns to when you click the factory default reset button.
 To configure intrusion prevention:
1. Select Network Security > IPS. The IPS screen displays (see Figure 104 on page 180
and Figure 105 on page 181).
2. Enter the settings as explained in the following table:
Table 39. IPS screen settings
Setting Description
Anomaly Behavior Settings
Detect Port Scans Detect the action that is taken when the UTM detects a port scan:
• Alert. An alert is emailed to the administrator that is specified on the Email
Notification screen.
• Disable. Port scan detection is disabled. This is the default setting.
• Block Source IP for. The IP address of the computer that scans the port is
blocked for the duration that you specify in the Seconds field. The default setting
is 300 seconds.
To Next Page
Loading...
Need help?
General