Intrusion Rule Action Options
In an intrusion policy, you can set a rule’s action to the following values:
- Alert
  You want the system to detect a specific intrusion attempt and generate an intrusion event when it finds matching traffic. When a malicious packet crosses your network and triggers the rule, the packet is sent to its destination and the system generates an intrusion event. The malicious packet reaches its target, but you are notified through the event logging.
- Block
  You want the system to detect a specific intrusion attempt, drop the packet containing the attack, and generate an intrusion event when it finds matching traffic. The malicious packet never reaches its target, and you are notified through the event logging.
- Disable
  You do not want the system to evaluate matching traffic.
Note: Choosing either the Alert or Block options enables the rule. Choosing Disable disables the rule. We strongly recommend that you do not enable all the intrusion rules in an intrusion policy. The performance of your managed device is likely to degrade if all rules are enabled. Instead, tune your rule set to match your network environment as closely as possible.