Print Download Complete help as Archive Send Feedback

Previous

Next

Inspection Settings - General

What can I do here?

Use this window to view Threat Prevention protections and their settings.

For configuring individual inspections, see: Inspection Settings

Getting Here

Getting Here - Manage & Settings > Blades > General > Inspection Settings > General

 

Inspection Settings

You can configure inspection settings for the Firewall:

The Security Management Server comes with two preconfigured inspection profiles for the Firewall:

When you configure a Security Gateway, the Default Inspection profile is enabled for it. You can also assign the Recommended Inspection profile to the Security Gateway, or to create a custom profile and assign it to the Security Gateway.

To activate the Inspection Settings, install the Access Control Policy.

Note - In a pre-R80 SmartConsole, Inspection Settings are configured as IPS Protections.

Configuring Inspection Settings

To configure Inspection Settings:

  1. In SmartConsole, go to the Manage & Settings > Blades view.
  2. In the General section, click Inspection Settings.

    The Inspection Settings window opens.

You can:

To edit a setting:

  1. In the Inspection Settings > General view, select a setting.
  2. Click Edit.
  3. In the window that opens, select a profile, and click Edit.

    The settings window opens.

  4. Select the Main Action:
    • Default Action - preconfigured action
    • Override with Action - from the drop-down menu, select an action with which to override the default - Accept, Drop, Inactive (the setting is not activated)
  5. Configure the Logging Settings

    Select Capture Packets, if you want to be able to examine packets that were blocked in Drop rules.

  6. Click OK.
  7. Click Close.

For advanced configuration of SYN attacks, please see sk120476.

To view settings for a certain profile:

  1. In the Inspection Settings > General view, click View > Show Profiles.
  2. In the window that opens, select Specific Inspection settings profiles.
  3. Select profiles.
  4. Click OK.

    Only settings for the selected profiles are shown.

You can add, edit, clone, or delete custom Inspection Settings profiles.

To edit a custom Inspection Settings profile:

  1. In the Inspection Settings > Profiles view, select a profile.
  2. Click Delete, to remove it, or click Edit to change the profile name, associated color, or tag.
  3. If you edited the profile attributes, click OK to save the changes.

To add a new Inspection Settings profile:

  1. In the Profiles view, click New.
  2. In the New Profile window that opens, edit the profile attributes:
  3. Click OK.

To assign an Inspection Settings profile to a Security Gateway:

  1. In the Inspection Settings > Gateways view, select a gateway, and click Edit.
  2. In the window that opens, select an Inspection Settings profile.
  3. Click OK.

To configure exceptions to inspection settings:

  1. In the Inspection Settings > Exceptions view, click New to add a new exception, or select an exception and click Edit to modify an existing one.

    The Exception Rule window opens.

  2. Configure the exception settings:
    • Apply To - select the Profile to which to apply the exception
    • Protection - select the setting
    • Source - select the source Network Object, or select IP Address and enter a source IP address
    • Destination - select the destination Service Object
    • Service - select Port/Range, TCP or UDP, and enter a destination port number or a range of port numbers
    • Install On - select a gateway on which to install the exception
  3. Click OK.

To enforce the changes, install the Access Control Policy.

Inspection Settings Table

Column

Description

Protection

Name of the protection

Performance Impact

How much this protection and its resources affect gateway or server performance

Profile

Displays profiles created on the Profiles page