When you create a network where numerous machines are deployed, security is of paramount concern. With IDS/IPS, you can detect attacks. This detection implements a security layer to all communications and cordons your systems from unwanted intrusions or attack. You can also take actions like blocking the attackers for certain time, and send an alert message to the administrator.
The IDS/IPS feature is available only in the clients with Microsoft Windows.
You can create different policies with varying IDS/IPS settings and apply them to the groups so that each has separate policies based on the requirement.
To configure policy for IDS/IPS, follow these steps:
- Create Container/feature policy for IDS/IPS.
- In the Host IDS/IPS section, enable IDS/IPS Rules by selecting the check box. By default, this option is selected.
- Select the Detect Port Scanning Attack check box, if required.
- Select the Detect DDOS (Distributed Denial of Service) Attack check box, if required.
- From the following options, select an action to be performed when attack is detected:
- Block Attackers IP for … Minutes. By default, this option is selected and 5 minutes are set. Select the time, if required.
- Display alert message when attack is detected. This option helps you to take an appropriate action when attack is detected.
- To save your settings, click Save Policy.
Importantly, if you have customized the settings and later you want to revert to the default settings, click the Reset Default button.