Configuring Threat Prevention Policy Exceptions
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 201
Configuring Threat Prevention Policy Exceptions
In the Threat Prevention > Threat Prevention Exceptions page you can configure exception rules for traffic
which the IPS engine and malware engine for Anti-Virus and Anti-Bot do not inspect.
Threat Prevention Exceptions
To add a new Threat Prevention exception rule:
1. In the IPS Exceptions section, click New > Add.
2. Configure these fields:
n
Scope – For Threat Prevention blades only. Threat Prevention inspects traffic to and/or from all
objects specified in the Scope, even when the specified object did not open the connection.
Can include network object, network object groups, IP address ranges and local users.
Select either Any or a specific scope from the list. If necessary, you can create a New network
object, network object group, or local user.
If it is necessary to negate a specified scope, select the scope and select the Any Scope except
checkbox.
For example, if the scope of the exception should include all scopes except for the DMZ
network, select DMZ network and select the Any Scope except checkbox.
n
Source – Network object that initiates the connection.
n
Destination - Network object that is the target of the connection.
n
Protection – In the Blades tab, select Any for all or for a specific blade. In the IPS protections
tab, select a specific IPS protection from the list.
n
Service/Port - Type of network service. If you make an exception for a specified protection on a
specific service/port, you might cause the protection to be ineffective.
n
Action - Select the applicable action to enforce on the matching traffic: Ask, Prevent, Detect or
Inactive. See the Threat Prevention > Threat Prevention Blade Control page for a description
of the action types.
n
Log - Select the tracking option: None, Log, or Alert. Logs are shown on the Logs &
Monitoring > Security Logs page. An alert is a flag on a log. You can use it to filter logs.
3. Optional - Add a comment in the Write a comment field.
4. Click Apply.
allowlists
You can set specified files and URLs that the Anti-Virus, Anti-Bot and Threat Emulation blades do not scan
or analyze. For example, if there are files that you know are safe but can create a false positive when
analyzed, add them to the Files allowlist.
Threat Emulation only: You can set specified email addresses that the blade does not scan and add them to
the Email Addresses allowlist.
To Next Page
Loading...
Need help?
General
