and monitor sites that attempt access to restricted ports on
your network.
Configuring a service to temporarily block sites
Configure the service to automatically block sites that
attempt to connect using a denied service. From Policy
Manager:
1. Double-click the service icon in the Services Arena.
   The Properties dialog box appears.
2. Use the Incoming service Connections Are drop list to
   select Enabled and Denied.
3. Select the checkbox marked Auto-block sites that
   attempt to connect via service, located at the bottom of
   the dialog box.
Viewing the Blocked Sites list
The Blocked Sites list is a compilation of all sites
currently blocked by the Firebox. Use Firebox
Monitors to view sites that are automatically
blocked according to a service's property configuration.
From System Manager, click the Blocked Site List tab at
the bottom of the graph. (You might need to use the arrows
to access this tab.)
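The auto-block setting and the Blocked Sites list it feeds can be modeled in a short script. This is an added example, not WatchGuard code: the Service and Firewall classes, the 20-minute block duration, the default deny for unlisted ports, and the sample traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 1200  # assumed duration; the guide only says "temporarily"

@dataclass
class Service:
    name: str
    port: int
    incoming: str            # "allowed" or "denied" (Enabled and Denied)
    auto_block: bool = False # the Auto-block checkbox

@dataclass
class Firewall:              # hypothetical model, not the Firebox implementation
    services: dict                                 # port -> Service
    blocked: dict = field(default_factory=dict)    # source IP -> expiry time

    def blocked_sites(self, now):
        """Sites currently blocked; expired entries are dropped first."""
        self.blocked = {ip: exp for ip, exp in self.blocked.items() if exp > now}
        return sorted(self.blocked)

    def handle(self, now, src, port):
        """Return the action taken for one incoming connection attempt."""
        if src in self.blocked_sites(now):
            return "drop (blocked site)"
        svc = self.services.get(port)
        if svc is None or svc.incoming == "denied":   # unlisted ports: assumed deny
            if svc is not None and svc.auto_block:
                self.blocked[src] = now + BLOCK_SECONDS
                return "deny + auto-block"
            return "deny"
        return "allow"

def replay(events):
    fw = Firewall({23: Service("telnet", 23, "denied", auto_block=True),
                   25: Service("smtp", 25, "allowed")})
    return [fw.handle(t, src, port) for t, src, port in events]

# Constructed sample traffic: (seconds, source IP, destination port)
EVENTS = [
    (0, "203.0.113.7", 25),                   # allowed service
    (10, "203.0.113.7", 23),                  # denied service with auto-block set
    (20, "203.0.113.7", 25),                  # same site, now on the blocked list
    (30, "198.51.100.4", 25),                 # unrelated site is unaffected
    (10 + BLOCK_SECONDS, "203.0.113.7", 25),  # block has expired
]

if __name__ == "__main__":
    for event, action in zip(EVENTS, replay(EVENTS)):
        print(event, "->", action)
```

The third event shows why the setting matters when reviewing the Blocked Sites list: one attempt against a denied service removes the site's access to otherwise allowed services until the entry expires.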
Integrating Intrusion Detection
Intrusion detection is an important component of a
defense-in-depth security policy. A good intrusion detection
system (IDS) examines over time the source, destination,
and type of traffic directed at your network and
compares it against known patterns of attack. When a
match occurs, it tells you the nature of the attack and
recommends possible courses of action.