IPS Rules
Predefined signatures are arranged into groups based on the type of attack. By default, some signature groups are enabled; within those groups, some signatures are in alert-only mode and others are in drop mode. Check the default settings to ensure they meet the requirements of your network traffic.
You can enable or disable signature groups or individual signatures. Disabling unneeded signatures can improve system performance and reduce the number of log messages and alert emails that the IPS generates. For example, the IPS detects a large number of web server attacks. If you do not provide access to a web server behind your GajShield Firewall, you can disable all web server attack signatures.
The IPS setting of each group has the following options:
Default : All the signatures in the category are enabled, and you can set specific signatures in that sub-group to either "Alert Mode" or "Drop Mode".
Alert : If you select Alert for the category, all the signatures in that category are in "Alert Mode" and you cannot set modes for individual signatures in the sub-group.
Drop : If you select Drop for the category, all the signatures in that category are in "Drop Mode" and you cannot set modes for individual signatures in the sub-group.
After making any changes to the IPS settings, you need to restart the IPS engine for the changes to be applied.