Predefined Rule

When you enable one of the Threat Prevention Software Blades, a predefined rule is added to the Rule Base. The rule defines that all traffic for all network objects, regardless of who opened the connection (the protected scope value equals any), is inspected for all protections according to the Optimized profile. By default, logs are generated and the rule is installed on all Security Gateways that use a Threat Prevention Software Blade.

The result of this rule (according to the Optimized profile) is that:

  • When an attack meets the criteria below, the protections are set to Prevent mode:

    • Confidence Level - Medium or above

    • Performance Impact - Medium or above

    • Severity - Medium or above

  • When an attack meets the criteria below, the protections are set to Detect mode:

    • Confidence Level - Low

    • Performance Impact - Medium or above

    • Severity - Medium or above

Use the Logs & Monitor page to show logs related to Threat Prevention traffic. Use the data there to better understand the use of these Software Blades in your environment and create an effective Rule Base. You can also directly update the Rule Base from this page.

You can add more exceptions that prevent or detect specified protections or have different tracking settings.