Use the Quarantine Rules page on your Network IPS appliance to add new rules and to view rules dynamically generated in response to detected intruder events. These rules prevent worms from spreading and deny access to systems that are infected with back doors or Trojan horses.
Single-click blocking From the Security Alerts Logs page, you can click an event and select to Block Intruder. This option adds a rule to the Quarantine Rules page for the source IP address reported in the event. The appliance blocks all traffic to and from that IP address for the time specified in the rule. Delete quarantine rules added by the single-click blocking feature when they no longer apply. Otherwise, the appliance removes the rules automatically when the rules expire.