Configure IPS Settings for Firewall Policy
Umbrella provides a set of default Intrusion Prevention System (IPS) settings that when enabled in a firewall policy control how Umbrella detects or blocks traffic in your network. In addition to the default signature lists, you can add a custom IPS setting for your organization and enable the custom signature list in your firewall policy.
IPS signature lists work together with the Umbrella cloud-delivered firewall (CDFW) to protect your network from threats and attacks. The Umbrella firewall policy controls all criteria for the CDFW including the IPS settings. For more information about IPS signature lists, see Manage IPS.
Prerequisites
- Full admin access to the Umbrella dashboard. See Manage User Roles.
- A subscription to Umbrella that licenses the Umbrella IPS signature lists.
Not all of the features described here are available to all Umbrella packages. Navigate to Admin > Licensing to view details about your current package. For more information, see Determine Your Current Package. If you encounter a feature that you do not have access to, contact your sales representative for more information about your current package. See also, Cisco Umbrella Packages.
Procedure
- Navigate to Policies > Management > Firewall Policy.
- Click IPS Settings or Settings.
- Under IPS Settings, turn Setting on to enable an IPS signature list.
- In the Intrusion System Mode drop-down menu, choose either Detection or Protection.
- Detection—Detect threats or attacks in your network that match the signatures in the IPS setting. With detection mode enabled, Umbrella detects matching traffic patterns but does not block destinations. You can test the IPS settings on your network without affecting the traffic. Umbrella logs the events as
Allowed (Would Block)
under IPS Signatures in the Activity Search report. - Protection—Protect your network from known threats or attacks. With protection mode enabled, Umbrella blocks destinations that match the signatures defined in the IPS setting.
- Detection—Detect threats or attacks in your network that match the signatures in the IPS setting. With detection mode enabled, Umbrella detects matching traffic patterns but does not block destinations. You can test the IPS settings on your network without affecting the traffic. Umbrella logs the events as
- In the Apply to IPS Signature List drop-down menu, choose a signature list.
- Click Save to apply the IPS setting to your firewall policy.
Delete a Firewall Rule < Configure IPS Settings for Firewall Policy > Change a Firewall Priority
Updated about 1 year ago