55
Installing the Initial Policy
Repeat these steps to add any additional Networks to the Router element.
The routing configuration changes are transferred to the engine with the other configuration
information when you install an IPS policy on the Sensor.
Installing the Initial Policy
To be able to inspect traffic, the sensors and analyzers must have an IPS policy installed on
them. Installing one of the predefined IPS policies provides an easy way to begin using the IPS
system. You can then fine-tune the system as needed. The system has the following ready-made
IPS Policies:
The Strict Policy and the System Policy are added and updated when you import new dynamic
updates (see the Management Client
Online Help
or the
Administrator’s Guide
PDF for more
information). Because of this, the Strict Policy, IPS Strict Template, System Policy, and IPS
System Template cannot be edited directly. See the
IPS Reference Guide
for more information on
the predefined policies and templates.
When you install a policy on a sensor, the analyzer that the sensor uses also receives a new
policy. You do not install the policy separately on analyzers.
To install the Strict Policy or the System Policy
1.
Click the Configuration icon in the toolbar and select
IPS
. The IPS Configuration view opens
with the IPS Policies branch expanded.
Table 7.1 Default IPS Policies
IPS Policy
Description
Strict Policy
Contains the predefined rules inherited from the IPS Strict Template.
Suitable as the initial policy in high-risk environments, such as data
centers. Recommended only for use with inline sensors.
System Policy
Contains the predefined rules inherited from the IPS System Template.
Suitable as the initial policy in most network environments.
Certification Policy
This policy was used when StoneGate IPS was tested at NSS Labs. We
recommend that you install either the Strict Policy or the System Policy as
the initial policy on the IPS engines.
Содержание stonegate 5.2
Страница 1: ...STONEGATE 5 2 INSTALLATION GUIDE INTRUSION PREVENTION SYSTEM...
Страница 5: ...5 INTRODUCTION In this section Using StoneGate Documentation 7...
Страница 6: ...6...
Страница 12: ...12...
Страница 18: ...18 Chapter 2 Planning the IPS Installation...
Страница 28: ...28 Chapter 4 Configuring NAT Addresses...
Страница 30: ...30...
Страница 50: ...50 Chapter 6 Saving the Initial Configuration...
Страница 59: ...59 INSTALLING SENSORS AND ANALYZERS In this section Installing the Engine on Intel Compatible Platforms 61...
Страница 60: ...60...
Страница 72: ...72 Chapter 8 Installing the Engine on Intel Compatible Platforms...
Страница 73: ...73 UPGRADING In this section Upgrading 75...
Страница 74: ...74...
Страница 88: ...88...
Страница 94: ...94 Appendix A Command Line Tools...