Intrusion Prevention System FAQ

Table of Contents

  1. Why is the application not installed by default?
  2. I enabled my IPS application, but where are the rules located to block unwanted traffic?
  3. There are a lot of rules here! What do all these terms mean?
  4. I have enabled logging, but how do I block potential attacks?
  5. I enabled some rules and my traffic is being blocked. How can I see which rule is blocking it?
  6. Why does IPS only log by default?

 

1. Why is the application not installed by default?

Untangle does not have any applications installed by default: we leave it up to our customers to determine which applications they would like to use.

Depending on its configuration, Intrusion Prevention can also have a high system resource cost, which can impact the performance of lower-specced systems.

 

2. I enabled my IPS application, but where are the rules located to block unwanted traffic?

Within the IPS application, there is a Rules tab along the top. From here you can see various categories that each contain a list of rules designed to block a specific kind of potentially intrusive behavior.

 

3. There are a lot of rules here! What do all these terms mean?

When viewing the various rules within the IPS application, there is a reference option under most of the defined rules. You can click the small magnifying glass icon to open a separate webpage with relevant information about that rule.

 

4. I have enabled logging, but how do I block potential attacks?

Within the IPS application, select the Rules tab. From there, expand each section and select the rules you would like to enable. There may be multiple rules to enable under each section; each checkbox has to be selected before you save your changes.

 

5. I enabled some rules and my traffic is being blocked. How can I see which rule is blocking it?

In the Reports section, select the Intrusion Prevention reports, then choose the "Blocked Events" report. This report displays each event that IPS has blocked, and the "Msg" column shows which rule blocked that event. Use the "Category" column to find the section within IPS that contains the rule(s).

 

6. Why does IPS only log by default?

You can find information on why blocking is not enabled by default in this article:

https://support.untangle.com/hc/en-us/articles/202133948-Why-do-Intrusion-Prevention-s-rules-only-log-by-default-

 

 
