Intrusion Prevention FAQs

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

Is Intrusion Prevention based on an open source project?

Yes, Intrusion Prevention is based on Snort.

Why is there no reference information for a specific rule?

If there is no information link available for a specific rule, you can try searching the rule ID at Snort Rules for more info.

Why aren't most of Intrusion Prevention's rules blocked by default?

Because many rules can block legitimate traffic in addition to malicious exploits we don't enable blocking by default.

You're free to change the action of any rules as you see fit for your network.

Can Intrusion Prevention rules be configured differently on Policy Manager racks?

No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible.

Why has Untangle has switched to Emerging Threat rules?

We feel they better reflect real-world uses for our customer environments. By default, more are enabled for logging.

Why is this rule set smaller?

The previous rule set had a considerable amount that was marked deleted.

How does this affect my IPS deployment?

For most customer who have configured through the IPS Wizard there will be more rules enabled for logging and slightly more memory usage. If you had any rules configured to block, those settings could be changed due to removed rules.