Filter
Top Products
Firewall Protection
187
ProSecure Unified Threat Management (UTM) Appliance
Enable and Configure the Intrusion Prevention System
The intrusion prevention system (IPS) of the UTM monitors all network traffic to detect, in real
time, distributed denial-of-service (DDoS) attacks, network attacks, and port scans, and to
protect your network from such intrusions. You can set up alerts, block source IP addresses
from which port scans are initiated, and drop traffic that carries attacks. You can configure
detection of and protection from specific attacks such as web, email, database, malware, and
other attacks. The IPS differs from the malware scan mechanism (see Configure Web
Malware or Antivirus Scans on page 216) in that it monitors individual packets, whereas the
malware scan mechanism monitors files.
The IPS also allows you to configure port scan detection to adjust it to your needs and to
protect the network from unwanted port scans that could compromise the network security.
The IPS is disabled by default.
To enable intrusion prevention:
1. Select Network Security > IPS. The IPS screen displays (see Figure 106 on page 189
and Figure 107 on page 190).
2. To enable the IPS, select the Yes radio button in the IPS section of the screen. The default
setting is No.
3. Click Apply to save your settings.
Note: When you enable the IPS, the default IPS configuration goes into
effect. The default IPS configuration is the configuration that the IPS
screen returns to when you press the Factory Defaults reset button.
To configure intrusion prevention:
1. Select Network Security > IPS. The IPS screen displays (see Figure 106 on page 189
and Figure 107 on page 190).
2. Enter the settings as explained in the following table:
Table 39. IPS screen settings
Setting Description
Anomaly Behavior Settings
Detect Port Scans Detect the action that is taken when the UTM detects a port scan:
• Alert. An alert is emailed to the administrator that is specified on the Email
Notification screen.
• Disable. Port scan detection is disabled. This is the default setting.
• Block Source IP for. The IP address of the computer that scans the port is
blocked for the duration that you specify in the Seconds field. The default setting
is 300 seconds.