SonicWALL TZ 190 Setting Up SonicWALL Intrusion Prevention Service Protection

Security Services > Intrusion Prevention Service

742

SonicOS Enhanced 4.0 Administrator Guide

Setting Up SonicWALL Intrusion Prevention Service Protection

Activating the SonicWALL Intrusion Prevention Service license on your SonicWALL security

appliance does not automatically enable the protection. To configure SonicWALL Intrusion

Prevention Service to begin protecting your network, you need to perform the following steps:

Step 1 Enable SonicWALL Intrusion Prevention Service.

Step 2 Specify the Priority attack Groups.

Step 3 Apply SonicWALL Intrusion Prevention Service Protection to Zones.

Note For complete instructions on setting up SonicWALL Intrusion Prevention Service, refer to

the SonicWALL Intrusion Prevention Service Administrator’s Guide available on the

SonicWALL documentation Web site http://www.sonicwall.com/us/Support.html.

Selecting Security Services > Intrusion Prevention displays the configuration settings for

SonicWALL IPS on your SonicWALL security appliance.

The Intrusion Prevention Service page is divided into three sections:

• IPS Status - displays status information on the state of the signature database, your

SonicWALL IPS license, and other information.

• IPS Global Settings - provides the key settings for enabling SonicWALL IPS on your

SonicWALL security appliance, specifying global SonicWALL IPS protection based on

three classes of attacks, and other configuration options.

• IPS Policies - allows you to view SonicWALL IPS signatures and configure the handling of

signatures by category groups or on a signature by signature basis. Categories are

signatures grouped together based on the type of attack.

After activating your Intrusion Prevention Service license, you must enable and configure

SonicWALL IPS on the SonicWALL management interface to before intrusion prevention

policies are applied to your network traffic.

SonicWALL IPS must be globally enabled on your SonicWALL security appliance by checking

the Enable IPS check box in the IPS Global Settings section. A checkmark in the Enable IPS

check box turns on the service on your SonicWALL security appliance.

Note Checking the Enable IPS check box does not automatically start SonicWALL IPS protection.

You must also n the IPS Global Settings section.You must specify a Prevent All action in

the Signature Groups table to activate intrusion prevention on the SonicWALL security

appliance, and specify the interface or zones you want to protect.

SonicWALL IPS allows you to globally manage your network protection against attacks by

simply selecting the class of attacks: High Priority Attacks, Medium Priority Attacks, and

Low Priority Attacks. Selecting the Prevent All and Detect All check boxes for High Priority

Attacks and Medium Priority Attacks in the Signature Groups table, and then clicking Apply

protects your network against the most dangerous and disruptive attacks. For more detailed