Create a custom quarantine response if the predefined responses
do not meet specific blocking requirements.
About this task
Important:
- Quarantine responses work only when you configure the appliance
to run in inline protection mode.
- The Issue ID option in predefined and custom
quarantine responses works for security events only. This option does
not identify traffic for other events.
- You cannot change the settings of, rename, or remove predefined
quarantine responses. Define custom quarantine responses to meet specific
needs.
- Quarantine responses generate quarantine rules to block a single
IP protocol (the protocol of the offending traffic) and not all traffic.
- Quarantine rules generated by quarantine responses have a default
duration of one hour. You can set or change the duration for these
rules when you set up responses for events.
Procedure
- Click the Quarantine tab.
- Click the Add icon.
Tip: You can edit some properties directly.
- Configure the following options:
| Option | Description |
| --- | --- |
| Name | Specifies a meaningful name for the response. Tip: This name appears when you select responses for events, so give the response an easily identifiable name. |
| Victim Address | Enables the appliance to block packets based on target IP address. |
| Victim Port | Enables the appliance to block packets based on target TCP or UDP port. |
| Intruder Address | Enables the appliance to block packets based on source IP address. |
| Intruder Port | Enables the appliance to block packets based on source TCP or UDP port. |
| ICMP Code | Enables the appliance to block packets based on the ICMP code number. |
| ICMP Type | Enables the appliance to block packets based on the ICMP type number. |
| Issue ID | Enables the appliance to block packets related to a specific security event. Note: This option functions only for security events and not for any other type of event. |
- Click OK.
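The options selected in a response determine how broad the resulting quarantine rule is. The following Python sketch is an added illustration, not the appliance's implementation or code from this documentation: it models a rule as the event's single IP protocol plus the values of the enabled options, with the one-hour default duration. `QuarantineRule`, `build_rule`, the packet field names and the refusal of an empty match are assumptions of the model, and Issue ID is left out because matching it depends on the appliance's own event analysis.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Simplified model; option names come from the table, field names are assumed.
OPTION_FIELDS = {
    "Victim Address": "dst_ip", "Victim Port": "dst_port",
    "Intruder Address": "src_ip", "Intruder Port": "src_port",
    "ICMP Type": "icmp_type", "ICMP Code": "icmp_code",
}
DEFAULT_DURATION = timedelta(hours=1)  # default rule duration stated on the page

@dataclass
class QuarantineRule:
    protocol: str      # the single IP protocol of the offending traffic
    match: dict        # values copied from the event for enabled options only
    expires: datetime

    def blocks(self, packet, now):
        """True if the rule is still active and the packet matches every field."""
        if now >= self.expires or packet.get("protocol") != self.protocol:
            return False
        return all(packet.get(f) == v for f, v in self.match.items())

def build_rule(enabled_options, event, now, duration=DEFAULT_DURATION):
    """Derive a rule from a triggering event, keeping only the enabled options."""
    match = {}
    for option in enabled_options:
        field = OPTION_FIELDS[option]
        if event.get(field) is not None:   # e.g. ICMP Type on a TCP event is skipped
            match[field] = event[field]
    if not match:
        # Assumption of this model: refuse a rule that would match a whole protocol.
        raise ValueError("no enabled option applies to this event")
    return QuarantineRule(event["protocol"], match, now + duration)

# Constructed sample event and packets (documentation address ranges).
T0 = datetime(2024, 1, 1, 12, 0, 0)
EVENT = {"protocol": "tcp", "src_ip": "203.0.113.7", "src_port": 40000,
         "dst_ip": "192.0.2.10", "dst_port": 445}
OTHER_HOST = {"protocol": "tcp", "src_ip": "203.0.113.7", "src_port": 40001,
              "dst_ip": "192.0.2.99", "dst_port": 22}

broad = build_rule(["Intruder Address"], EVENT, T0)
narrow = build_rule(["Intruder Address", "Victim Address", "Victim Port"], EVENT, T0)
print(broad.blocks(OTHER_HOST, T0), narrow.blocks(OTHER_HOST, T0))
```

In this model, a response with only Intruder Address enabled cuts the source off from every target over that protocol, while adding Victim Address and Victim Port limits the block to the attacked service.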