The Network IPS appliance supports custom quarantine responses if the predefined responses do not meet specific blocking requirements.
About this task
Important:
- Quarantine responses work only when you configure the appliance to run in inline protection mode.
- The Issue ID option in predefined and custom quarantine responses works for security events only. This option does not identify traffic for other events.
- You cannot change the settings of, rename, or remove predefined quarantine responses. Define custom quarantine responses to meet specific needs.
- Quarantine responses generate quarantine rules to block a single IP protocol (the protocol of the offending traffic) and not all traffic.
- Quarantine rules that are generated by quarantine responses have a default duration of one hour. You can set or change the duration for these rules when you set up responses for events.
Procedure
- Click the Quarantine tab.
- Click the Add icon.
  Tip: You can edit some properties directly.
- Configure the following options:
| Option | Description |
| --- | --- |
| Name | Specifies a meaningful name for the response. |
| Victim Address | Enables the appliance to block packets based on target IP address. |
| Victim Port | Enables the appliance to block packets based on target TCP or UDP port. |
| Intruder Address | Enables the appliance to block packets based on source IP address. |
| Intruder Port | Enables the appliance to block packets based on source TCP or UDP port. |
| ICMP Code | Enables the appliance to block packets based on the ICMP code number. |
| ICMP Type | Enables the appliance to block packets based on the ICMP type number. |
| Issue ID | Enables the appliance to block packets related to a specific security event. Note: This option functions for only security events and not for any other type of event. |
- Click OK.
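
The options in the table above determine how wide a generated quarantine rule is. The following added example (not IBM code and not the appliance's implementation) models that scope in Python. Assumptions: the rule always pins the IP protocol of the offending traffic, each enabled option pins the matching field of the offending packet, unselected fields match anything, and the rule expires after the default one hour; packet field names, helper names, and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_DURATION_S = 3600  # page: generated rules last one hour by default

# Option names are from the page; the packet field names are assumptions.
OPTION_FIELDS = {
    "Victim Address": "dst_ip", "Victim Port": "dst_port",
    "Intruder Address": "src_ip", "Intruder Port": "src_port",
    "ICMP Type": "icmp_type", "ICMP Code": "icmp_code",
}

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

def make_rule(offender, enabled_options, now, duration_s=DEFAULT_DURATION_S):
    """Model of a generated rule: the offender's IP protocol is always pinned,
    each enabled option pins one field, all other fields are wildcards."""
    match = {"proto": offender.proto}
    for option in enabled_options:
        field = OPTION_FIELDS[option]
        match[field] = getattr(offender, field)
    return {"match": match, "expires": now + duration_s}

def is_blocked(rule, pkt, now):
    """True if the rule is still active and every pinned field matches."""
    if now >= rule["expires"]:
        return False
    return all(getattr(pkt, f) == v for f, v in rule["match"].items())

# Constructed sample traffic (documentation address ranges).
OFFENDER = Packet("tcp", "203.0.113.7", "192.0.2.10", 40000, 445)
OTHER_CLIENT = Packet("tcp", "198.51.100.9", "192.0.2.10", 51515, 445)

if __name__ == "__main__":
    by_victim = make_rule(OFFENDER, ["Victim Address", "Victim Port"], now=0)
    by_intruder = make_rule(OFFENDER, ["Intruder Address"], now=0)
    # Victim-based rule also blocks an unrelated client of the same service.
    print(is_blocked(by_victim, OTHER_CLIENT, now=60))    # True
    print(is_blocked(by_intruder, OTHER_CLIENT, now=60))  # False
    print(is_blocked(by_victim, OFFENDER, now=3600))      # False, rule expired
```

In this model, a response that enables only victim fields blocks every client of that service for the rule's duration, while adding an intruder field narrows the block to the offending source.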