The IDS/IPS feature uses Suricata, a high-performance network IDS, IPS and Network Security Monitoring engine, to provide Layer 7 firewall capabilities. More information about Suricata can be found at: https://suricata-ids.org/
Intrusion Detection System (IDS) mode analyzes network traffic over the configured interfaces for rule signatures that match known attacks, and logs information about the offending traffic. Intrusion Prevention System (IPS) mode also does that analysis, but can also drop or reject traffic that matches certain rules.
To enable the IDS/IPS feature, check the Enable IDS/IPS box on the IDS/IPS page. In the General Settings section the mode can be set to either IDS (Intrusion Detection System) or IPS (Intrusion Prevention System). Select which Interfaces the IDS/IPS will analyze traffic on. For some stream-based traffic, both the LAN and WAN interfaces that the traffic traverses need to be listed. To ensure that all traffic is analyzed, add all interfaces on which a WAN or a LAN is configured.
- This feature is currently disabled.
- The IDS/IPS feature is enabled but this Ecessa device is the idle member of a Hardware Failover pair.
- UP: The feature is enabled and the feature is running the latest rules based on the configuration.
- UPDATING: The feature is enabled but currently being reconfigured due to an update or configuration change. Updating may take several minutes depending on the complexity of the configuration.
- DOWN: The feature is enabled but is not running properly. Check the log for potential causes of the problem. Possible reasons for a DOWN state are:
  - The service is not running.
  - There are rules from the new rule set which are failing to run. These rules will be displayed in the main log with a message containing ERRCODE:.
Emerging Threat Actions
In this section, you can select the action used against the threats, based on the severity given by Proofpoint.
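The following is an added example, not Ecessa's or Suricata's own code, showing how a severity-to-action policy of the kind described above can be applied to a rule set: it rewrites each rule's action (alert, drop or reject) from the severity level carried in the rule's metadata. It assumes Emerging Threats rules carry `signature_severity <level>` in their `metadata` keyword, uses constructed sample rules rather than real ET signatures, and the policy table is an example policy, not the device's defaults.

```python
import re

# Constructed sample rules in ET style (not real ET signatures). Assumption: the
# severity assigned by Proofpoint appears as "signature_severity <level>" in metadata.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SSH scan"; flow:to_server; metadata:signature_severity Minor, created_at 2020_01_01; sid:9000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE malware checkin"; flow:established,to_server; metadata:signature_severity Major; sid:9000002; rev:2;)
# comment line
alert dns $HOME_NET any -> any any (msg:"EXAMPLE no severity"; sid:9000003; rev:1;)
"""

# Example policy for an IPS deployment: block serious threats, only log the rest.
# Rules with no severity fall back to "alert" so nothing is blocked by accident.
SEVERITY_ACTION = {
    "Critical": "drop",
    "Major": "drop",
    "Minor": "alert",
    "Informational": "alert",
}

RULE_RE = re.compile(r"^(?P<action>alert|drop|reject|pass)\s+(?P<rest>.+)$")
SEV_RE = re.compile(r"signature_severity\s+(?P<sev>[A-Za-z]+)")


def rule_severity(rule):
    """Return the severity level named in the rule's metadata, or None."""
    m = SEV_RE.search(rule)
    return m.group("sev") if m else None


def apply_policy(rule_text, policy, mode="IPS"):
    """Rewrite rule actions according to the severity policy.

    In IDS mode every rule is forced to "alert" (detect and log only); in IPS
    mode the action comes from the policy. Comments and blank lines pass through.
    Returns the rewritten rule text and a count of rules per resulting action.
    """
    out, counts = [], {}
    for line in rule_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            out.append(line)
            continue
        action = "alert" if mode == "IDS" else policy.get(rule_severity(line), "alert")
        out.append(f"{action} {m.group('rest')}")
        counts[action] = counts.get(action, 0) + 1
    return "\n".join(out), counts
```

Note that drop and reject only take effect when Suricata runs inline (IPS mode); in IDS mode such rules still only generate alerts.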