Use Secure Protection Settings to
monitor network traffic and block attacks. After you set them, these
settings seldom change. However, you might occasionally complete maintenance
tasks to keep the appliance properly configured.
Configuring security modules
Use the Security Modules options on
your Network
IPS appliance
to configure features that analyze suspect content, protect web applications,
and enable X-Force® Virtual Patch® functionality.
Configuring advanced IPS options
Use the Advanced IPS options on the Network
IPS appliance
to configure settings that tune intrusion prevention system settings
specifically to meet security requirements. Configure options such
as protection domains, security events, user-defined events, OpenSignatures,
connection events, tuning parameters, and the integrated SNORT system.
Configuring response tuning
Use Response Tuning on the Network
IPS appliance
to configure quarantine rules, to set responses to events, to tune
responses in your security policies with response filters, and to
configure rolling packet capture settings.
About the block response
The block response is a default response that blocks attacks
by dropping packets and sending resets to TCP connections.
About the ignore response
Set the ignore response to configure the appliance to disregard
packets that match criteria that are specified within a security event
or a response filter.
About log evidence
The appliance uses log evidence, along with the rolling
packet capture feature, to gather evidence about suspicious events.