McAfee SG310 Administration Manual page 198

Firewall menu options
Intrusion Detection Systems
Prerequisite: Detect TCP probes must be enabled in the IDB configuration for activating scanning and
blocking. See
From the Firewall menu, click Intrusion Detection > TCP tab. The TCP page appears
1
Figure 202 IDB TCP tab
Select an option for the Network Ports scanned list:
2
• Basic – Installs a minimal selection of ports to monitor while still providing sufficient coverage to
detect many intruder scans.
• Standard (default) – Extends the Basic coverage by introducing additional monitored ports for early
detection of intruder scans.
• Strict – Installs a comprehensive selection of ports to monitor and should be sufficient to detect most
scans. The Strict setting includes all services in Standard and Basic in addition to its own unique
settings.
Security Alert:
running on the UTM Firewall unit (such as telnet) may compromise the security of the device and your
network. It is strongly recommended to use only the predefined lists of network ports (Basic, Standard, Strict).
If you have changed the current configuration, a message informs you custom changes will be lost and
3
prompts you to confirm your selection. Click Apply to accept.
Click Submit.
4
TCP network services
The predefined Basic, Standard, and Strict settings are listed in
included in the setting; an em dash (—) indicates the service is not available in a setting.
Table 16 TCP services settings
Service
40421
40425
49724
bo2k
dc
discard
198 McAfee UTM Firewall 4.0.4 Administration Guide
Configuring basic IDB.
The list of network ports can be freely edited; however, adding network ports used by services
Basic
—
—
—
—
—
—
Table
Standard Strict
X X
— X
X X
X X
— X
— X
(Figure
16. An 'X' indicates the service is
202).