Configuring Threat Prevention Policy Exceptions
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|281
Configuring Threat Prevention Policy
Exceptions
In the Threat Prevention > Threat Prevention Exceptions page you can configure exception
rules for traffic which the IPS engine and malware engine for Anti-Virus and Anti-Bot do not
inspect.
Threat Prevention Exceptions
To add a new Threat Prevention exception rule:
1. In the IPS Exceptions section, click New > Add.
2. Click one of the available positioning options for the rule: Top Rule, Bottom Rule, Above
Selected, or Under Selected.
3. Configure these fields:
n
Scope – For Threat Prevention blades only. Threat Prevention inspects traffic to
and/or from all objects specified in the Scope, even when the specified object did
not open the connection. Can include network object, network object groups, IP
address ranges and local users.
Select either Any or a specific scope from the list. If necessary, you can create a
New network object, network object group, or local user.
If it is necessary to negate a specified scope, select the scope and select the Any
Scope except checkbox.
For example, if the scope of the exception should include all scopes except for the
DMZ network, select DMZ network and select the Any Scope except checkbox.
n
Source – Network object that initiates the connection.
n
Destination - Network object that is the target of the connection.
Options include: FQDN, Updatable objects
To add an updatable object, double click and import the new updatable object. For
more information, see
"Updatable Objects" on page221
.
Note - This relies on an external database for updatable objects and some
IPs might not be listed under FQDN or updatable objects.
n
Protection – In the Blades tab, select Any for all or for a specific blade. In the IPS
protections tab, select a specific IPS protection from the list.
To Next Page
Loading...
