Security inspection
Global configuration
Default inspection profiles
| Profile for incoming traffic |
Define the profile to apply for incoming traffic on the network via the SNS firewall. Incoming traffic represents the traffic of an unprotected interface (such as the internet) to a protected interface (your local/internal network). |
| Profile for outgoing traffic |
Define the profile to apply for outgoing traffic on the network via the SNS firewall. Outgoing traffic represents the traffic of a protected interface (such as the internet) to an unprotected interface. |
New alarms
| Apply the default model to new alarms |
This option is related to the Application protection > Applications and protections module. By enabling it, new alarms will be updated automatically and will be issue with the SNS signature. Options that follow will be grayed out if you have chosen an automatic configuration. If you wish to apply them yourself, unselect the option and define the parameters in the fields that follow. |
| Action |
When an alarm is raised, the packet that set off the alarm will be subject to the action configured. You can choose to Pass or Block new alarms. You will notice the status you have applied to the Application protection > Applications and protections module. New alarms can be found in the column New. |
| Level |
Three alarm levels are available: "Ignore", "Minor" and "Major". |
| Packet capture |
By selecting this option, the packet that set off the alarm will be captured. |
When the log management service is saturated
| Block packets that generate an alarm |
When the firewall is no longer able to log events because its log management service is saturated, this option makes it possible to block all packets that generate alarms. If this option is disabled and the firewall’s log management service is saturated, such packets will neither be blocked nor logged. |
| Block packets intercepted by a filter rule configured in "Verbose (filtering log)” mode |
When the firewall is no longer able to log events because its log management service is saturated, this option makes it possible to block all packets intercepted by a filter rule configured to log events. If this option is disabled and the firewall’s log management service is saturated, such packets will neither be blocked nor logged. |
Advanced properties
| Treat non-VTI IPsec interfaces as internal interfaces |
If this option is selected, IPsec interfaces will become internal - and therefore protected - interfaces. All networks that are able to go through IPsec tunnels must therefore be legitimized and static routes allowing them to be contacted must be declared. Otherwise, the firewall will reject the IPsec traffic. IMPORTANT
|