An IDPS profile is a set of relevant signatures used for detecting intrusions and protecting certain services. Using flexible filters, you can add signature groups from the IDPS signature library to a profile. One profile can include multiple filters at once.
For each signature in the IDPS profile, you can individually configure an action to take, logging, and saving to a PCAP file as well as enable/disable the signature. Editing the signature settings in the IDPS profile has a greater priority than editing the settings for the same signatures on the IDPS signature page. If you have modified the settings of a system IDPS signature created by UserGate, you can restore the defaults by selecting the signature in the IDPS profile's list and clicking Restore default.
IDPS profiles are added to firewall rules. The administrator can create the desired number of IDPS profiles to protect various services. It is recommended to limit the number of signatures in the profile only to those that are necessary for protecting the service. For example, to protect a service that uses the TCP protocol, you should not add signatures developed for UDP. A large number of signatures increases the traffic processing time and CPU load.
To configure IDPS profiles, go to the Libraries ➜ IDPS profiles section, create a profile, and add the desired signatures to it from the IDPS signature library using a filter.
Name |
Description |
---|---|
Name |
IPS profile name. |
Description |
IPS profile description. |
Filters |
The filters using to select the desired IDPS signatures from the signature library. When adding signatures to an IDPS profile, the administrator has the flexibility to filter signatures; for example, to select only those that have a very high risk, use TCP protocol, and belong to the category "botcc" and class "all". Multiple filters can be used in a single profile. |