What is the Shield module?

Overview

Shield is a system service that will block internal devices from sending out an excessive number of sessions. Traffic will be blocked after the session count from a single device reaches 30 sessions per second.

Shield can help prevent compromised devices from generating overwhelming amounts of outbound traffic, such as DDoS attacks or port/IP scans.

Excluding traffic from Shield scanning

You can create different rules within the Shield system that will allow you to ignore traffic from a specific device, interface, or even network. The screenshots below will show you what these rules will look like. They can be found under Config > System > Shield

Adding rules here are just like the rest of the rule sets within NG Firewall. Once you click the Add button, you can choose a variety of different conditions to create the rule with. For this example, we will be using the "Source Address" condition to ignore the traffic for one specific device. 

mceclip0.png

This rule will cause the Shield system to pass the traffic from this one specific device without applying normal thresholds. 

Follow
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk