Configuring Basic IDB; Selecting TCP Dummy Services - McAfee SG310 Administration Manual


Firewall menu options
Intrusion Detection Systems

Configuring basic IDB

1. From the Firewall menu, click Intrusion Detection. The IDB Configuration page appears (Figure 201).

   Figure 201 IDB Configuration

2. [Optional] To monitor dummy TCP services, select the Detect TCP probes checkbox.
3. [Optional] To block hosts attempting to connect to TCP services, select the Block sites probing TCP ports checkbox. Connection attempts are logged under the Scanning Hosts pane.
4. [Optional] To monitor dummy UDP services, select the Detect UDP probes checkbox.
5. [Optional] To block hosts attempting to connect to UDP services, select the Block sites probing UDP ports checkbox. Connection attempts are logged under Scanning Hosts.
6. In the Trigger count before blocking field, specify the number of times a host is permitted to attempt to connect to a monitored service before being blocked. This option only takes effect when one of the blocking options is enabled. The trigger count value should be between 0 and 2 (zero represents an immediate blocking of probing hosts). Larger settings mean more attempts are permitted before blocking; although this allows the attacker more latitude, these settings reduce the number of false positives.
   • Default: 0
   • Range: 0-2
7. [Optional] Enter the IP addresses of trusted servers and hosts in the Addresses to ignore for detection and block purposes text box. The IDB ignores the host IP addresses in this list. You can freely edit the list; however, you cannot remove the addresses 0.0.0.0 and 127.0.0.1 since they represent the IDB host. You can enter IP addresses as a range.
8. Click Submit.
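The sketch below models how the trigger count and the ignore list from the procedure above interact. It is an added illustration, not McAfee's code. It assumes a host is blocked on the attempt after its permitted count and that ranges are written `start-end`, neither of which the manual spells out; all sample addresses are constructed.

```python
import ipaddress
from collections import Counter

ALWAYS_IGNORED = ["0.0.0.0", "127.0.0.1"]  # the manual says these cannot be removed

def parse_ignore_list(entries):
    """Convert addresses and 'start-end' ranges (assumed syntax) to integer spans."""
    spans = []
    for entry in ALWAYS_IGNORED + list(entries):
        start, _, end = entry.partition("-")
        low = int(ipaddress.IPv4Address(start.strip()))
        high = int(ipaddress.IPv4Address(end.strip())) if end else low
        if high < low:
            raise ValueError(f"range end precedes start: {entry}")
        spans.append((low, high))
    return spans

def is_ignored(host, spans):
    value = int(ipaddress.IPv4Address(host))
    return any(low <= value <= high for low, high in spans)

def simulate_idb(probes, trigger_count, ignore_entries=(), blocking=True):
    """Replay source IPs that touched a dummy service, in arrival order.
    Returns (hosts blocked, in order; probe count logged per scanning host)."""
    if not 0 <= trigger_count <= 2:
        raise ValueError("trigger count must be between 0 and 2")
    spans = parse_ignore_list(ignore_entries)
    logged, blocked = Counter(), []
    for host in probes:
        if is_ignored(host, spans) or host in blocked:
            continue  # ignored hosts are never counted; blocked hosts are assumed cut off
        logged[host] += 1
        # Assumed semantics: trigger_count attempts are permitted, the next one blocks.
        # The count only matters when a blocking option is enabled (step 6).
        if blocking and logged[host] > trigger_count:
            blocked.append(host)
    return blocked, dict(logged)

# Constructed sample: a scanner, a one-off mistaken connection, a trusted monitor.
SAMPLE_PROBES = ["203.0.113.9", "198.51.100.20", "192.0.2.10", "203.0.113.9",
                 "192.0.2.10", "203.0.113.9", "203.0.113.9", "192.0.2.10"]
TRUSTED = ["192.0.2.10-192.0.2.12"]

if __name__ == "__main__":
    for count in (0, 1, 2):
        print(count, simulate_idb(SAMPLE_PROBES, count, TRUSTED))
```

With a trigger count of 0 the one-off connection from 198.51.100.20 is blocked alongside the scanner; at 1 or 2 only the repeat prober is blocked, which is the false-positive trade-off step 6 describes.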

Selecting TCP dummy services

Use this procedure to set the network ports scanned for TCP services. You can choose Basic, Standard (the default), or Strict settings, and add your own custom entries. To view a list of the services available for each setting, see Table 16 on page 198.

McAfee UTM Firewall 4.0.4 Administration Guide


This manual is also suitable for:

Sg560, Sg560u, Sg565, Sg580
