Use the Quarantine tab
on the Responses
page for the Network IPS appliance to configure responses that block
intruders, including worms and Trojan horses, when the appliance detects
events.
About this task
Navigating
in the Network IPS Local Management Interface:
Important: - Quarantine responses work only when you configure the appliance
to run in inline protection mode.
- The Issue ID option in predefined and custom
quarantine responses works for security events only. This option does
not identify traffic for other events.
- You cannot change the settings of, rename, or remove predefined
quarantine responses. Define custom quarantine responses to meet specific
needs.
- Quarantine responses generate quarantine rules to block a single
IP protocol (the protocol of the offending traffic) and not all traffic.
- Quarantine rules that are generated by quarantine responses have
a default duration of one hour. You can set or change the duration
for these rules when you set up responses for events.