Security Services > Intrusion Prevention Service
1250
SonicOS 5.8.1 Administrator Guide
Note For complete instructions on setting up SonicWALL Intrusion Prevention Service, refer to
the
SonicWALL Intrusion Prevention Service Administrator’s Guide available on the
SonicWALL documentation Web site http://www.sonicwall.com/us/Support.html.
Selecting Security
Services > Intrusion Prevention displays the configuration settings for
SonicWALL IPS on your SonicWALL security appliance.
The Intrusion Prevention Service page is divided into three sections:
• IPS Status - displays status information on the state of the signature database, your
SonicWALL IPS license, and other information.
• IPS Global Settings - provides the key settings for enabling SonicWALL IPS on your
SonicWALL security appliance, specifying global SonicWALL IPS protection based on
three classes of attacks, and other configuration options.
• IPS Policies - allows you to view SonicWALL IPS signatures and configure the handling of
signatures by category groups or on a signature by signature basis. Categories are
signatures grouped together based on the type of attack.
After activating your Intrusion Prevention Service license, you must enable
and configure
SonicWALL IPS on the SonicWALL management interface to before intrusion prevention
policies are applied to your network traffic.
Enabling SonicWALL IPS
SonicWALL IPS must be globally enabled on your SonicWALL security appliance by checking
the Enable IPS check box in the IPS Global Settings section. A checkmark in the Enable IPS
check box turns on the service on your SonicWALL security appliance.
Note Checking the Enable IPS check box does not automatically start SonicWALL IPS protection.
You must also n the IPS Global Settings section.You must specify a Prevent All action in
the Signature Groups table to activate intrusion prevention on the SonicWALL security
appliance, and specify the interface or zones you want to protect.
Specifying Global Attack Level Protection
SonicWALL IPS allows you to globally manage your network protection against attacks by
simply selecting the class of attacks: High Priority Attacks, Medium Priority Attacks, and
Low Priority Attacks. Selecting the Prevent All and Detect All check boxes for High Priority
Attacks and Medium Priority Attacks in the Signature Groups table, and then clicking Apply
protects your network against the most dangerous and disruptive attacks. For more detailed
information on configuring global signature groups, refer to “Configuring Global Signature
Groups” in the SonicWALL Intrusion Prevention Service Administrator’s Guide available at
www.sonicwall.com/support/documentation.html
Note Leaving the High Priority Attacks, Medium Priority Attacks, and Low Priority Attacks
signature groups with no Prevent All action checked means no intrusion prevention is
occurring on the SonicWALL security appliance.