Use the Quarantine Rules page for the Network IPS appliance to add new rules and to view rules that are dynamically generated in response to detected intruder events. These rules prevent worms from spreading and deny access to systems that are infected with backdoors or Trojan horses.
Single-click blocking: From the Security Alerts Logs page, you can click an event and select to Block Intruder. This option adds a rule to the Quarantine Rules page for the source IP address that are reported in the event. The appliance blocks all traffic to and from that IP address for the time specified in the rule. You must delete quarantine rules that are added by the single-click blocking feature when the rules no longer apply. Otherwise, the appliance removes the rules automatically when the rules expire.