Threat Prevention: Difference between revisions
Bcarmichael (talk | contribs) No edit summary |
Bcarmichael (talk | contribs) No edit summary |
||
| Line 19: | Line 19: | ||
|[http://forums.untangle.com/threatprevention/ Threat Prevention Forums] | |[http://forums.untangle.com/threatprevention/ Threat Prevention Forums] | ||
|- | |- | ||
|[[ | |[[Threat Prevention Reports]] | ||
|- | |- | ||
|[[ | |[[Threat Prevention FAQs]] | ||
|} | |} | ||
|} | |} | ||
Revision as of 22:59, 21 January 2020
 Threat Prevention
|
|
About ThreatPrevention
ThreatPrevention provides traditional threatprevention functionality, blocking and/or flagging traffic based on rules.
The term "ThreatPrevention" has grown to encompass many functionalities and has a wide array of meanings. The "threatprevention" is often use interchangeably with "router" "gateway" and "UTM" or "Unified Threat Management" Even the Untangle NGFW is a "next-gen" "threatprevention." There are also host-based "threatpreventions" that run on the local host computer.
The "ThreatPrevention" app itself is a traditional threatprevention used to block and/or flag TCP and UDP sessions passing through Untangle using rules. The ThreatPrevention app provides the same functionality as the traditional "threatprevention" - the ability to use rules to control which computers and communicate on a network.
Settings
This section reviews the different settings and configuration options available for ThreatPrevention.
Status
This displays the current status and some statistics.
Rules
The Rules tab allows you to specify rules to Block, Pass or Flag traffic that crosses the Untangle.
The Rules documentation describes how rules work and how they are configured. ThreatPrevention uses rules to determine to block/pass the specific session, and if the sessions is flagged. Flagging a session marks it in the logs for reviewing in the event logs or reports, but has no direct effect on the network traffic.
Typically Untangle is installed as a NAT/gateway device, or behind another NAT/gateway device in bridge mode. In this scenario all inbound sessions are blocked by NAT except those explicitly allowed with port forwards. Because of this, the ThreatPrevention does not block anything by default. It is up to you to decide to best fit for your network, whether you only want to block specific ports or you want to block everything and allow only a few services.
Rule Actions
- Pass: Allows the traffic which matched the rule to flow.
- Block: Blocks the traffic which matched the rule.
Additionally a session can be flagged. If Flag is checked the event is flagged for easier viewing in the event log. Flag is always enabled if the action is Block.
Reports
Related Topics
