Firewall menu options
Advanced Intrusion Detection and Prevention
The more rule sets selected, the greater the load imposed on the appliance. Therefore, a conservative
rather than aggressive approach to adding rule sets should be followed initially.
Configuring Snort in IPS mode
Use this procedure to configure IPS.
1. From the Firewall menu, click Intrusion Detection > IPS tab. The Intrusion Prevention page appears
   (Figure 204).
Figure 204 Snort Configuration-IPS
2. Select the Enabled checkbox.
3. [Recommended] To restrict memory usage for the scanning, select the Use less memory checkbox. This
   results in slower signature detection throughput, but may be necessary if the appliance is configured to
   run many services, many VPN tunnels, or both Snort IDS and IPS.
4. Select the checkbox or checkboxes for the Rule sets you want to enable for Snort detection. All rule sets
   are selected by default.
5. Click Submit.
Configuring Snort in IDS mode
Use this procedure to configure Snort detection in IDS mode.
McAfee UTM Firewall 4.0.4 Administration Guide