Endpoint Protection

 View Only

  • 1.  Change Blocking traffic interval for Intrusion prevention detected

    Posted Feb 22, 2018 08:50 AM

    If an Intrusion prevention threat detected on a client, it blocks the traffic coming from this IP address for a time interval (10 minutes a i think). 

    i need to know if this time interval is adjustable or not? i.e. block traffic for 3 minutes instead of 10 minutes

     

    is it possible ?



  • 2.  RE: Change Blocking traffic interval for Intrusion prevention detected
    Best Answer

    Posted Feb 22, 2018 07:00 PM

    Make the change in the Firewall policy on the Protection and Stealth tab:



  • 3.  RE: Change Blocking traffic interval for Intrusion prevention detected

    Posted Feb 22, 2018 08:30 PM

    but this is related to Firewall policy not Intrusion Prevention policy.

    we have disabled the firewall policy in our system.



  • 4.  RE: Change Blocking traffic interval for Intrusion prevention detected

    Posted Feb 23, 2018 12:57 PM

    This is active response, which is handled via the firewall policy. These options don't exist in the IPS policy.



  • 5.  RE: Change Blocking traffic interval for Intrusion prevention detected

    Broadcom Employee
    Posted Feb 23, 2018 01:15 PM

    IPS uses the Active Response from the firewall policy.  You will see it is set to 600 seconds by default which is 10 minutes.