INSPECTION PROFILES
Global configuration
Default inspection profiles
| Profile for incoming traffic | Define the profile to apply to traffic entering the network via the SNS firewall. Incoming traffic represents the traffic from an unprotected interface – such as the Internet – to a protected interface such as your local/internal network. |
| Profile for outgoing traffic | Define the profile to apply to traffic leaving the network via the SNS firewall. Outgoing traffic represents the traffic from a protected interface to an unprotected interface. |
New alarms
| Apply default model to new alarms | This option is related to the Application protection > Applications and protections module. When it is enabled, new alarms will be updated automatically and signed with the SNS signature. The following options will then be grayed out. If you wish to apply them manually, unselect the checkbox to edit them. |
| Action | When an alarm is raised, the configured action will be applied to the packet that set off the alarm. You can choose to Pass or Block new alarms. You will see the status you applied in the Application protection > Applications and protections module. New alarms can be found in the "New" column. |
| Level | Three alarm levels are available: "Ignore", "Minor" and "Major". |
| Packet capture | If this option is selected, the packet that set off the alarm will be captured. |
When the log management service is saturated
| Block packets that generate an alarm | When the firewall is no longer able to log events because its log management service is saturated, this option makes it possible to block all packets that generate alarms. When this option is disabled, the packets in question are not blocked and will no longer be logged. |
| Block packets intercepted by a filter rule configured in "Verbose (filtering log)" mode | When the firewall is no longer able to log events because its log management service is saturated, this option makes it possible to block all packets intercepted by a filter rule configured to log events. When this option is disabled, the packets in question are not blocked and will no longer be logged. |
Advanced properties
| Treat IPsec interfaces as internal interfaces (except virtual IPsec interfaces). Applies to all tunnels: remote networks must be explicitly legitimized. | If this option is selected, IPsec interfaces will become internal - and therefore protected - interfaces. All networks that may go through IPsec tunnels must therefore be validated, and static routes that allow them to be contacted must be declared. Otherwise, the firewall will reject the IPsec traffic. IMPORTANT |
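A pre-change check for the IPsec option above, added here as an example and not part of the original documentation: it lists tunnel remote networks that no declared static route fully covers, which are the ones whose traffic would be rejected once the option is selected. The function name, the hand-exported input lists and the interface label `ipsec` are assumptions.

```python
import ipaddress
from collections import defaultdict

IPSEC_IFACE = "ipsec"  # assumed interface label; use the name from your own export


def uncovered_remote_networks(tunnel_remotes, static_routes, iface=IPSEC_IFACE):
    """Return (tunnel, network) pairs that no static route on `iface` fully covers."""
    by_version = defaultdict(list)
    for dest, via in static_routes:
        if via == iface:  # routes leaving through another interface do not count
            net = ipaddress.ip_network(dest, strict=True)
            by_version[net.version].append(net)
    # Merge adjacent or overlapping routes so that two /24s can cover one /23.
    merged = {v: list(ipaddress.collapse_addresses(nets))
              for v, nets in by_version.items()}
    missing = []
    for tunnel, remote in tunnel_remotes:
        net = ipaddress.ip_network(remote, strict=True)
        if not any(net.subnet_of(r) for r in merged.get(net.version, [])):
            missing.append((tunnel, str(net)))
    return missing


# Constructed sample data: (tunnel name, remote network) and (destination, interface).
TUNNEL_REMOTES = [
    ("branch-a", "10.20.0.0/23"),     # covered by two adjacent /24 routes
    ("branch-b", "192.168.50.0/24"),  # route exists, but on the wrong interface
    ("partner", "172.16.8.0/24"),     # covered by a wider /16 route
    ("branch-c", "10.30.0.0/16"),     # only partly covered by a /24 route
]
STATIC_ROUTES = [
    ("10.20.0.0/24", "ipsec"),
    ("10.20.1.0/24", "ipsec"),
    ("192.168.50.0/24", "out"),
    ("172.16.0.0/16", "ipsec"),
    ("10.30.0.0/24", "ipsec"),
]

if __name__ == "__main__":
    for tunnel, net in uncovered_remote_networks(TUNNEL_REMOTES, STATIC_ROUTES):
        print(f"{tunnel}: {net} has no covering static route via {IPSEC_IFACE}")
```

An empty result means every listed remote network has a covering route; any entry returned should be given a static route before the option is enabled.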
Configuring profiles
Select the application profile associated with the protocol from the drop-down list by clicking on the arrow to the right of the field.
To return to the previous menu, click on “Go to global configuration”.