Excluding Protections

The IPS profile can include protections that are not necessary for the network. You can exclude unnecessary IPS protections for the application or service and improve network performance. For example, if an organization does not use VoIP services, exclude the IPS protections for VoIP traffic.

Exclude a Protection Category

IPS Protections are classified into categories of applications and protocols that they protect. If there are applications that are not used in the network, you can exclude the appropriate category of IPS protections.

To exclude an IPS category:

1. From the navigation tree in the IPS tab, click Profiles.

   The Profiles window opens.

2. Double-click the profile.

   The General page of the Profile Properties window opens.

3. From the navigation tree, click IPS Policy.
4. From the Protections to Deactivate section, click Do not activate protections categories.
5. Click Configure.

   The Non-Auto Activation window opens.

6. Click Add.
7. Select the category of IPS protections that you are excluding.
8. Click OK.
9. Install the policy.

Exclude a Specified Protection

Often it is not possible to exclude an entire category of IPS protections. However, you can still exclude individual protections for:

• An application or a feature that you do not use
• An application that is non-vulnerable because it is a fully patched version

To safely exclude protections, make sure that you have all the data about the applications and services that run in the network. It must be up-to-date, and include data about software versions and patches.

To exclude a specified IPS protection:

1. From the navigation tree in the IPS tab, click Network Exceptions.

   The Network Exceptions window opens.

2. Click New.

   The Add/Edit Exception Rule window opens.

3. From Profile, select the active profile.
4. From Protection, click Single protection.
5. Click Select.

   The Select Protection window opens.

6. Select the IPS protection that you are excluding.
7. Click OK.
8. From the Install On section, click Apply this exception.
9. From the drop-down menu, select the gateway.
10. Click OK.
11. Install the policy.