Why do Intrusion Prevention's rules only log by default?

Because many rules can block legitimate traffic in addition to malicious exploits, we don't set them to block by default. Each NG Firewall installation is in a different network, and we do not make any assumptions about your network. Traffic that is considered malicious in one network may be considered necessary in another.

One thing to keep in mind when using Intrusion Prevention is that many of its rules are specific to software that would be running in a network environment. For example, there are several rules concerning Apache. If you are not running an Apache server in your network, you do not need these rules enabled.

You're free to change the action of all rules to best fit your network, but we recommend a full review of your network before enabling any block rules. Intrusion Prevention is very good at generating false positives, so you should only enable blocks on rules that are specific to your network needs. Simply blocking traffic in bulk may break your connection to the Internet. Use the search bar at the bottom of the Rules page to look up rules that are specific to your network components or traffic.
