When you create a network where numerous machines are deployed, security is of paramount concern. With IDS/IPS, you can detect attacks. This detection implements a security layer to all communications and cordons your systems from unwanted intrusions or attack. You can also take actions like blocking the attackers for certain time, and send an alert message to the administrator.
The IDS/IPS feature is available only in the clients with Microsoft Windows.
You can create different policies with varying IDS/IPS settings and apply them to the groups so that each has separate policies based on the requirement.
To configure policy for IDS/IPS, follow these steps:
- Create Container/feature policy for IDS/IPS.
- In the Host IDS/IPS section, enable one of the following options by selecting the check box:
- IDS/IPS Rules. By default, this option is selected.
- Detect Port Scanning Attack
- Detect DDOS (Distributed Denial of Service) Attack
- From the following options, select an action to be performed when attack is detected:
- Block Attackers IP for … Minutes. By default, this option is selected and 5 minutes are set. Select the time, if required.
- Disconnect endpoint from the network (only in case of DDOS and Port Scanning attack).
- Display alert message when attack is detected. This option helps you to take an appropriate action when attack is detected.
- To save your settings, click Save Policy.
Importantly, if you have customized the settings and later you want to revert to the default settings, click the Reset Default button.