Configuring IDS Settings and Viewing Activity

This topic covers how to configure IDS and view the results produced by the IDS engine.

  1. Enable IDS and specify its settings in the Settings module, on the Security Settings > IDS Settings > IDS Settings pane. See Figure 76.

    Figure 76: IDS Settings Page

  2. Enable the signatures relevant to your environment.

    From the Settings module, select Security Settings > IDS Signatures for a list of signatures.

    For details, see Understanding and Configuring IDS Signatures Settings.

  3. Create and apply a policy rule that mirrors traffic to the IDS engine. vGW Series gives you the ability to specify at a granular level which traffic to scan. For example, you might want to scan traffic to or from a specific VM, or traffic that uses a specific protocol.

    Note: Traffic that the firewall blocks is not inspected by the IDS engine because the connection is never established.

    A policy rule can be defined to inspect a connection for IDS, but that does not imply that the rule accepts the connection. If the policy rule accepts, drops, or rejects a connection (all of which are considered terminal actions), policy scanning terminates. In this case, IDS rules that follow the rule that caused policy scanning to terminate are not processed. For IDS to take effect, the IDS rule for a connection must precede the rule that accepts the connection.
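
The rule-ordering behavior described in step 3, as an added example that is not vGW Series code: a simplified Python model of ordered policy scanning, plus a check that reports IDS rules that can never be reached. The `Rule` fields, rule names, and sample connection are hypothetical and constructed for illustration.

```python
# Simplified model of ordered policy scanning. Field names are hypothetical,
# not the vGW Series rule format; sample rules and connection are constructed.
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"accept", "drop", "reject"}

@dataclass
class Rule:
    name: str
    vm: Optional[str] = None      # matches if the VM is source or destination; None = any
    proto: Optional[str] = None   # None = any protocol
    ids: bool = False             # mirror matching traffic to the IDS engine
    action: Optional[str] = None  # None = non-terminal, scanning continues

    def matches(self, conn):
        vm_ok = self.vm is None or self.vm in (conn["src"], conn["dst"])
        return vm_ok and (self.proto is None or self.proto == conn["proto"])

def evaluate(rules, conn):
    """Return (terminal action or None, whether the IDS engine inspects conn)."""
    ids_requested, action = False, None
    for rule in rules:
        if not rule.matches(conn):
            continue
        ids_requested = ids_requested or rule.ids
        if rule.action in TERMINAL:
            action = rule.action
            break                 # terminal action: later rules are never processed
    # A blocked connection is never established, so there is nothing to inspect.
    return action, ids_requested and action == "accept"

def shadowed_ids_rules(rules, conns):
    """IDS rules that match some sample connection but always sit behind a terminal rule."""
    matched, reached = set(), set()
    for conn in conns:
        terminated = False
        for rule in rules:
            if not rule.matches(conn):
                continue
            if rule.ids:
                matched.add(rule.name)
                if not terminated:
                    reached.add(rule.name)
            terminated = terminated or rule.action in TERMINAL
    return [r.name for r in rules if r.name in matched and r.name not in reached]

CONN = {"src": "vm-web", "dst": "vm-db", "proto": "tcp"}
ACCEPT_FIRST = [Rule("allow-db", vm="vm-db", action="accept"), Rule("ids-db", vm="vm-db", ids=True)]
IDS_FIRST = list(reversed(ACCEPT_FIRST))
DROPPED = [Rule("ids-db", vm="vm-db", ids=True), Rule("deny-db", vm="vm-db", action="drop")]
```

Running `shadowed_ids_rules` over representative connections before applying a policy flags IDS rules that were placed after the accept rule for the same traffic.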
