Protection domains let you define security or user-defined
policies for different network segments monitored by a single appliance.
Protection domains act like virtual sensors, as though you had several
appliances monitoring the network. You can define protection domains
by interfaces, VLANs, or IP addresses.
Global protection domain
Each appliance has a global protection domain that cannot be deleted. All events are
listed under the global protection domain. Use the global policy to
configure events to be applied across all segments of the network.
When the appliance uses the global policy, it handles events in the
same way for all areas of your network.
If you want to configure policies for specific segments on
your network, create protection domains for each segment.
Note: Always enable rules for flood and sweep events in the global protection domain.
Flood and sweep attacks generally affect multiple targets which are
potentially spread across protection domains. Enable these rules in
the global protection domain to help ensure these attacks are detected
and reported correctly.
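
The following is an added illustration of the note above, not the appliance's own logic or configuration. It assumes a simplified model in which a sweep rule counts distinct targets per source within its own scope; the domain names, IP ranges, threshold, and events are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed protection domains, defined by IP range (hypothetical names).
DOMAINS = {
    "dmz": ipaddress.ip_network("10.0.1.0/24"),
    "servers": ipaddress.ip_network("10.0.2.0/24"),
    "users": ipaddress.ip_network("10.0.3.0/24"),
}
SWEEP_THRESHOLD = 10  # assumed: distinct targets per source before alerting


def domain_of(ip):
    """Return the protection domain containing ip, or 'global' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in DOMAINS.items():
        if addr in net:
            return name
    return "global"


def sweep_alerts(events, per_domain):
    """Return sorted (scope, source) pairs whose distinct-target count
    reaches the threshold. per_domain=True keeps one counter per protection
    domain; per_domain=False keeps a single counter in the global scope."""
    targets = defaultdict(set)
    for src, dst in events:
        scope = domain_of(dst) if per_domain else "global"
        targets[(scope, src)].add(dst)
    return sorted(k for k, seen in targets.items() if len(seen) >= SWEEP_THRESHOLD)


def constructed_events():
    """Source A touches 6 hosts in each of three domains (18 in total);
    source B touches 12 hosts inside a single domain."""
    events = [("198.51.100.7", f"10.0.{seg}.{host}")
              for seg in (1, 2, 3) for host in range(1, 7)]
    events += [("203.0.113.9", f"10.0.2.{host}") for host in range(20, 32)]
    return events


if __name__ == "__main__":
    ev = constructed_events()
    print("per-domain rules:", sweep_alerts(ev, per_domain=True))
    print("global rule:     ", sweep_alerts(ev, per_domain=False))
```

In this model, the source that spreads its probes across three domains stays under the threshold in every per-domain counter and is reported only when the rule is evaluated in the global scope.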