The intrusion prevention system blocks suspected attackers from your system.
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
<navigation>Gateway|Intrusion Protection|Intrusion Prevention</navigation>
The ClearSDN Intrusion Protection Updates service provides weekly signature updates to improve the effectiveness of the intrusion prevention system. These signatures are compiled from third party organizations as well as internal engineering resources from ClearCenter. With intrusion prevention, it is important to keep false positives to a minimum. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.
The Intrusion Prevention system displays a list of IP addresses that have been blocked due to inappropriate network traffic.
The SID corresponds to the Intrusion Detection ID that triggered the block. This is a hyper-link that can be followed to reveal more information about the specific conditions that were matched.
This is the IP address that triggered the block. If this IP address should not be blocked, you can add it to a “don't block” list by clicking on Whitelist under Action.
The date/time fields show when the block occurred.
The remaining block time is listed last. The IP address will be unblocked when this reaches 0.
A blocked host can be added to a Whitelist so it will not be blocked in the future. You can also remove a blocked host using Delete.
If there are IP addresses in your Whitelist they will be listed below the Active Block List. You can delete an entry by choosing Delete under Action. search?q=clearos%2C%20clearos%20content%2C%20Intrusion%20Prevention%2C%20app-intrusion_prevention%2C%20clearos5%2C%20userguide%2C%20categorygateway%2C%20subcategoryintrusionprotection%2C%20maintainer_dloper&btnI=lucky