Configuring quarantine responses

Use the Quarantine tab on the Responses page for the Network IPS appliance to configure responses that block intruders, including worms and Trojan horses, when the appliance detects events.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Response Tuning > Responses

Important:
  • Quarantine responses work only when you configure the appliance to run in inline protection mode.
  • The Issue ID option in predefined and custom quarantine responses works for security events only. This option does not identify traffic for other events.
  • You cannot change the settings of, rename, or remove predefined quarantine responses. Define custom quarantine responses to meet specific needs.
  • Quarantine responses generate quarantine rules to block a single IP protocol (the protocol of the offending traffic) and not all traffic.
  • Quarantine rules that are generated by quarantine responses have a default duration of one hour. You can set or change the duration for these rules when you set up responses for events.