Inspection Settings

Inspection Settings - General

What can I do here?

Use this window to view Threat Prevention protections and their settings.

For configuring individual inspections, see: Inspection Settings

Getting Here - Manage & Settings > Blades > General > Inspection Settings > General

Inspection Settings

You can configure inspection settings for the Firewall:

Deep packet inspection settings
Protocol parsing inspection settings
VoIP packet inspection settings

The Security Management Server comes with two preconfigured inspection profiles for the Firewall:

Default Inspection
Recommended Inspection

When you configure a Security Gateway, the Default Inspection profile is enabled for it. You can also assign the Recommended Inspection profile to the Security Gateway, or to create a custom profile and assign it to the Security Gateway.

To activate the Inspection Settings, install the Access Control Policy.

Note - In a pre-R80 SmartConsole, Inspection Settings are configured as IPS Protections.

Configuring Inspection Settings

To configure Inspection Settings:

In SmartConsole, go to the Manage & Settings > Blades view.
In the General section, click Inspection Settings.
The Inspection Settings window opens.

You can:

Edit inspection settings.
Edit user-defined Inspection Settings profiles. You cannot change the Default Inspection profile and the Recommended Inspection profile.
Assign Inspection Settings profiles to Security Gateways.
Configure exceptions to settings.

To edit a setting:

In the Inspection Settings > General view, select a setting.
Click Edit.
In the window that opens, select a profile, and click Edit.
The settings window opens.
Select the Main Action:
- Default Action - preconfigured action
- Override with Action - from the drop-down menu, select an action with which to override the default - Accept, Drop, Inactive (the setting is not activated)
Configure the Logging Settings
Select Capture Packets, if you want to be able to examine packets that were blocked in Drop rules.
Click OK.
Click Close.

To view settings for a certain profile:

In the Inspection Settings > General view, click View > Show Profiles.
In the window that opens, select Specific Inspection settings profiles.
Select profiles.
Click OK.
Only settings for the selected profiles are shown.

You can add, edit, clone, or delete custom Inspection Settings profiles.

To edit a custom Inspection Settings profile:

In the Inspection Settings > Profiles view, select a profile.
Click Delete, to remove it, or click Edit to change the profile name, associated color, or tag.
If you edited the profile attributes, click OK to save the changes.

To add a new Inspection Settings profile:

In the Profiles view, click New.
In the New Profile window that opens, edit the profile attributes:
Click OK.

To assign an Inspection Settings profile to a Security Gateway:

In the Inspection Settings > Gateways view, select a gateway, and click Edit.
In the window that opens, select an Inspection Settings profile.
Click OK.

To configure exceptions to inspection settings:

In the Inspection Settings > Exceptions view, click New to add a new exception, or select an exception and click Edit to modify an existing one.
The Exception Rule window opens.
Configure the exception settings:
- Apply To - select the Profile to which to apply the exception
- Protection - select the setting
- Source - select the source Network Object, or select IP Address and enter a source IP address
- Destination - select the destination Service Object
- Service - select Port/Range, TCP or UDP, and enter a destination port number or a range of port numbers
- Install On - select a gateway on which to install the exception
Click OK.

To enforce the changes, install the Access Control Policy.

Inspection Settings Table

Column	Description
Protection	Name of the protection
Performance Impact	How much this protection and its resources affect gateway or server performance
Profile	Displays profiles created on the Profiles page