APPLICATIONS AND PROTECTIONS

In this module, you will be able to manage the configuration of your alarms generated by the firewall’s applications and protection modules.

Note that titles of alarms are shown in the language of the firewall (Firewall language field in the General configuration tab in the System > Configuration module) instead of the language used during the connection to the web administration interface.

An inspection profile (IPS_00) is a set of application profiles (default00 – See the module Protocols). An application profile contains the configuration of the alarms from a protocol analysis that can be modified in this module. Its other configuration elements can be accessed in the corresponding “Protocols” menu.

To configure inspection profiles based on these application profiles, go to the module Inspection profiles and click on Go to profiles.

The signatures of these alarms are regularly updated via Active Update on products under maintenance (IPS: contextual protection signatures), and if this database is enabled in the Active Update configuration (module Configuration/System/Active Update).

Whether these alarms are raised therefore depends on the configuration of these protocol analyses as well as the security policy applied.

In this module, the alarm configuration is divided into two views:

• By inspection profile (also called “ view by configuration”)
  
• By context (also called “view by protocol”)
  

New alarms

When a new alarm is implemented, an icon appears in the New column to attract your attention.

By clicking on Approve new alarms, you can choose whether to approve all new alarms or just selected ones. The New icons of the alarms in question will then disappear.
Do note that new alarms become operational as soon as they are implemented: the approval serves only to confirm that you have taken note of the new alarms.

This action can also be applied in the View by inspection profile and View by context.