
IDS/IPS Overview


Welcome to Ecessa Support. We have technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.


The IDS/IPS feature uses Suricata, a high-performance network IDS, IPS and Network Security Monitoring (NSM) engine, to provide Layer 7 (application-layer) inspection on top of the existing firewall. More information about Suricata can be found at: https://suricata-ids.org/

Intrusion Detection System (IDS) mode analyzes network traffic on the configured interfaces for rule signatures that match known attacks and logs an alert about the offending traffic, but never interferes with it. Intrusion Prevention System (IPS) mode performs the same analysis but can also drop (silently discard) or reject (discard and send a TCP reset or ICMP unreachable to the endpoints) traffic that matches rules carrying those actions. Because a false positive in IPS mode blocks legitimate traffic, it is good practice to run a new rule set in IDS mode first, review the resulting alerts, and only then switch to IPS.

To enable the IDS/IPS feature, check the Enable IDS/IPS box on the IDS/IPS page. In the General Settings section, set the mode to either IDS (Intrusion Detection System) or IPS (Intrusion Prevention System). Select the Interfaces on which the IDS/IPS will analyze traffic. Suricata reassembles TCP streams from both directions of a connection, so for stream-based traffic both the LAN and WAN interfaces that the traffic traverses need to be listed; if only one side is selected, rules that depend on the full stream may never match. To ensure that all traffic is analyzed, add every interface on which a WAN or a LAN is configured.

IDS/IPS Status

  • N/A: the feature is not running on this device. Either:
    • The feature is currently disabled, or
    • The feature is enabled but this Ecessa device is the idle member of a Hardware Failover pair.
  • UP: The feature is enabled and is running with the current rule set and configuration.
  • UPDATING: The feature is enabled but is being reconfigured because of a rule update or a configuration change. Updating may take several minutes depending on the size of the rule set and the complexity of the configuration.
  • DOWN: The feature is enabled but is not running properly. Check the log for the cause. Possible reasons for a DOWN state are:
    • The service is not running.
    • Rules in the new rule set fail to load. Each failing rule is reported in the main log by a message containing ERRCODE:, which typically names the rule file and line of the offending signature.
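When the status is DOWN because rules fail to load, the quickest way to find the culprits is to pull every ERRCODE line out of the main log and group them by error code. The following is an added example (not Ecessa's code and not part of the product) that does exactly that over a constructed log excerpt in the shape of an older Suricata main log; the sample lines, file paths and signature ids are invented for illustration, and the exact wording of the messages on a given device may differ.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Older Suricata releases tag failures in their main log with an ERRCODE marker:
#   [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "..." from file X at line N
# The patterns below pull the code, the message and (when present) the rule location.
ERRCODE_RE = re.compile(
    r"\[ERRCODE:\s*(?P<code>[A-Z_]+)\((?P<num>\d+)\)\]\s*-\s*(?P<msg>.*)$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(?P<sid>\d+)\s*;")
LOC_RE = re.compile(r"from file (?P<file>\S+) at line (?P<line>\d+)")


@dataclass
class RuleError:
    code: str            # symbolic error code, e.g. SC_ERR_INVALID_SIGNATURE
    num: int             # numeric code in parentheses
    message: str         # text after the ERRCODE marker
    sid: Optional[int]   # signature id quoted in the message, if any
    file: Optional[str]  # rule file named in the message, if any
    line: Optional[int]  # line within that rule file, if any


def parse_errcodes(log_text: str) -> List[RuleError]:
    """Return one RuleError per ERRCODE line; all other log lines are ignored."""
    errors: List[RuleError] = []
    for raw in log_text.splitlines():
        m = ERRCODE_RE.search(raw)
        if not m:
            continue
        msg = m.group("msg")
        sid = SID_RE.search(msg)
        loc = LOC_RE.search(msg)
        errors.append(RuleError(
            code=m.group("code"),
            num=int(m.group("num")),
            message=msg,
            sid=int(sid.group("sid")) if sid else None,
            file=loc.group("file") if loc else None,
            line=int(loc.group("line")) if loc else None,
        ))
    return errors


def summarize(errors: List[RuleError]) -> Dict[str, int]:
    """Count failures per ERRCODE, most frequent first."""
    counts: Dict[str, int] = {}
    for e in errors:
        counts[e.code] = counts.get(e.code, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


# Constructed log excerpt (not captured from a real device) with the shape of
# an older Suricata main log, including two non-error lines for contrast.
SAMPLE_LOG = r"""2/11/2020 -- 10:15:01 - <Notice> - This is Suricata version 4.1.4 RELEASE
2/11/2020 -- 10:15:02 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any 80 (msg:\"LOCAL misspelled keyword\"; contnt:\"evil\"; sid:9000001; rev:1;)" from file /etc/suricata/rules/local.rules at line 3
2/11/2020 -- 10:15:02 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http any any -> any any (msg:\"LOCAL unterminated content\"; content:\"x; sid:9000002; rev:1;)" from file /etc/suricata/rules/local.rules at line 7
2/11/2020 -- 10:15:03 - <Error> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/missing.rules
2/11/2020 -- 10:15:04 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
"""


if __name__ == "__main__":
    for err in parse_errcodes(SAMPLE_LOG):
        where = f"{err.file}:{err.line}" if err.file else "(no rule location)"
        print(f"{err.code}({err.num}) sid={err.sid} {where}")
    print(summarize(parse_errcodes(SAMPLE_LOG)))
```

Feed it the main log exported from the device (or any Suricata log with the same marker) and the per-code summary tells you whether you are looking at one broken custom rule or a rule set that is wholesale incompatible with the engine version.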

Emerging Threat Actions

In this section, select the action applied to traffic that matches Emerging Threats rules, based on the severity rating that Proofpoint (the maintainer of the Emerging Threats rule sets) assigns to each signature. A blocking action chosen here only takes effect in IPS mode; in IDS mode a match is logged regardless of the action selected.
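To make the two ideas above concrete (alert versus drop/reject from the IDS/IPS description, and choosing an action per Proofpoint severity), here is an added example that is not Ecessa's code and does not reflect how the device implements the page: it reads the signature_severity metadata that Emerging Threats rules carry, rewrites each rule's action from a per-severity policy, and downgrades blocking actions to alert when the engine runs in IDS mode. The POLICY table, the SAMPLE_RULES and their sids are constructed for illustration; the exact severity names and action choices the device offers may differ.

```python
import re
from typing import Dict, List, Optional

# Rule actions Suricata understands. In IPS mode "drop" silently discards the
# packet and "reject" also sends a TCP RST (or ICMP unreachable) to the peers;
# in IDS mode all of them only produce an alert. "pass" stops inspection of the
# matching packet entirely, so it is deliberately not used by the policy below.
ACTIONS = ("alert", "drop", "reject", "pass")

RULE_RE = re.compile(r"^(?P<action>alert|drop|reject|pass)\s+(?P<rest>.+\))\s*$")
SEVERITY_RE = re.compile(r"signature_severity\s+(?P<sev>[A-Za-z]+)")

# Hypothetical per-severity policy in the spirit of the Emerging Threat Actions
# section; the options the device actually offers may differ.
POLICY: Dict[str, str] = {
    "Critical": "reject",
    "Major": "drop",
    "Minor": "alert",
    "Informational": "alert",
}


def rule_severity(rule: str) -> Optional[str]:
    """Read the ET signature_severity metadata value, or None if absent."""
    m = SEVERITY_RE.search(rule)
    return m.group("sev").capitalize() if m else None


def apply_policy(rules: List[str], policy: Dict[str, str], mode: str = "IPS",
                 default: str = "alert") -> List[str]:
    """Rewrite each rule's action according to its severity and the engine mode.

    Rules lacking a severity tag receive `default`. In IDS mode the engine
    cannot block, so drop/reject are downgraded to alert, which mirrors what an
    IDS-only deployment will actually do with such rules.
    """
    if mode not in ("IDS", "IPS"):
        raise ValueError(f"mode must be IDS or IPS, got {mode!r}")
    out: List[str] = []
    for line in rules:
        stripped = line.strip()
        m = RULE_RE.match(stripped)
        if not stripped or stripped.startswith("#") or not m:
            out.append(line)  # blanks, comments and unparsable lines are left untouched
            continue
        sev = rule_severity(stripped)
        action = policy.get(sev, default) if sev else default
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r} for severity {sev!r}")
        if mode == "IDS" and action in ("drop", "reject"):
            action = "alert"
        out.append(f"{action} {m.group('rest')}")
    return out


def action_counts(rules: List[str]) -> Dict[str, int]:
    """How many rules end up with each action."""
    counts: Dict[str, int] = {}
    for line in rules:
        m = RULE_RE.match(line.strip())
        if m:
            counts[m.group("action")] = counts.get(m.group("action"), 0) + 1
    return counts


# Constructed rules in the style of an Emerging Threats ruleset (not real ET
# signatures; the sids are in a private range, not ET's 2000000+ space).
SAMPLE_RULES = [
    "# constructed example rules",
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE EXPLOIT SMB overflow attempt"; flow:to_server,established; content:"|ff|SMB"; metadata: signature_severity Critical, deployment Perimeter; classtype:attempted-admin; sid:9000101; rev:1;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE MALWARE beacon"; flow:established,to_server; content:"/gate.php"; http_uri; metadata: signature_severity Major, attack_target Client_Endpoint; classtype:trojan-activity; sid:9000102; rev:2;)',
    'alert tcp any any -> any 23 (msg:"EXAMPLE POLICY telnet login"; flow:to_server,established; metadata: signature_severity Minor; classtype:policy-violation; sid:9000103; rev:1;)',
    'alert dns any any -> any any (msg:"EXAMPLE INFO query for example.com"; content:"example.com"; metadata: signature_severity Informational; sid:9000104; rev:1;)',
    'alert tcp any any -> any 80 (msg:"EXAMPLE LOCAL rule without severity"; content:"foo"; sid:9000105; rev:1;)',
]


if __name__ == "__main__":
    for mode in ("IPS", "IDS"):
        rewritten = apply_policy(SAMPLE_RULES, POLICY, mode=mode)
        print(mode, action_counts(rewritten))
        for r in rewritten:
            print("  ", r.split("(", 1)[0].strip())
```

On a stock Suricata installation the same per-severity rewriting is normally done with suricata-update's modify.conf and drop.conf rather than by hand; the device's Emerging Threat Actions section exposes the same decision as a per-severity selection. Whatever tool applies it, keep the two caveats the code encodes: a rule without a severity tag needs an explicit default, and a drop or reject chosen for a severity level changes nothing until the engine is switched to IPS mode.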
