Use The Intrusion Prevention System - NETGEAR UTM9S Reference Manual

Use the Intrusion Prevention System

The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in
real time, network attacks and port scans and to protect your network from such intrusions.
You can set up alerts, block source IP addresses from which port scans are initiated, and
drop traffic that carries attacks. You can configure detection of and protection from specific
attacks such as web, email, database, malware, and other attacks. The IPS differs from the
malware scan mechanism (see
monitors individual packets, whereas the malware scan mechanism monitors files.
The IPS also allows you to configure port scan detection to adjust it to your needs and to
protect the network from unwanted port scans that could compromise the network security.
The IPS is disabled by default.

To enable intrusion prevention and configure port scan detection:
1. Select Network Security > IPS. The IPS submenu tabs display, with the Global screen
in view.
Figure 101.
2. To enable the IPS, select the ON radio button. The default setting is OFF.
3. Configure port scan detection by selecting one of the following radio buttons:
• OFF. Port scan detection is disabled. This is the default setting.
• ALERT. When a port is scanned, an alert is emailed to the administrator that is
specified in the Email Notification screen.
• Block Source IP. When a port is scanned, the IP address of the PC or device that
scans the port is blocked for the duration that you specify in the Seconds field. The
default setting is 300 seconds.
4. Click Apply to save your settings.
Note: Traffic that passes on the UTM's VLANs and on the secondary IP
addresses that you have configured on the LAN Multi-homing
screen (see
page 104) is also scanned by the IPS.
ProSecure Unified Threat Management (UTM) Appliance
Configure Web Malware Scans
Configure Multihome LAN IPs on the Default VLAN
Firewall Protection
on page 197) in that it
172
on