SANGFOR IAM v2.1 User Manual
264
All the matching and suspicious attacks will be recorded by the IAM gateway device, and be
handled according to the action configured for different defense levels.
As for the detailed logs, you can view then in the Data Center of the IAM gateway.
[Defense Time After Intrusion Is Detected]: Once attack attempt is detected, the IAM gateway
device will defend against the attacker, denying all the data packets sent from this address in the
next 180 seconds (default value). You can alter this value according to your case.
[Log Type of Intrusion Event]: Options are [Simple] (just record the general information of the
intrusion and [Detailed] (record the data packets of the intrusion, which requires more storage
capacity).
[IPS Conditions]: You can configure the options to defend the data transmission among WAN,
LAN and DMZ zones against attacks according to your case. They are all enabled by default.
Defense ability of [High], [Medium], and [Low] is in descending order. In general, it is
recommended to check [High] which can ensure the security of the local area network and
reduce the possibility of misjudgment.
In almost all cases, the local area network is under the protection of the firewall of the IAM
gateway device, and does not need the protection of IPS. In fact, the IPS is used for
protecting the port with which the LAN server provides services to the external networks, in
other words, it only maps the port to the local area network). This design can efficiently
protect the local area network, and ensure the work efficiency of the IAM gateway device.
13.2.2.
IPS Rules
[IPS Rules] enables you to view and configure the priority and auto update options of the IPS
rules.
IPS rules can be arranged (viewed) according to service and priority. Priority of an IPS rule may
be [High], [Medium]] and [Low].
Содержание IAM 2.1
Страница 1: ...SANGFOR IAM v2 1 User Manual IAM 2 1 User Manual September 2010...
Страница 296: ...SANGFOR IAM v2 1 User Manual 295...