About Intrusion Prevention Service

Intrusion Prevention Service (IPS) provides real-time protection from threats, including spyware, SQL injections, cross-site scripting, and buffer overflows. When a new attack is identified, the features that make the intrusion attack unique are recorded. These recorded features are known as the signature. IPS uses these signatures to identify intrusion attacks.

By default, when you enable and configure IPS, the IPS configuration applies globally to all traffic. You can also choose to disable IPS on a per-policy basis.

Add the IPS Upgrade

To enable IPS, you must:

1. Get a Firebox Feature Key
2. Manually Add or Remove a Feature Key
3. Configure Intrusion Prevention

Keep IPS Signatures Updated

New intrusion threats appear on the Internet frequently. To make sure that IPS gives you the best protection, you must update the signatures frequently. You can configure the Firebox to update the signatures automatically from WatchGuard, as described in Configure the IPS Update Server.

IPS and Application Control signature updates are delivered together in the same update file. The size of the IPS signature set depends on your Firebox hardware platform and software version. For more information, go to IPS and Application Control Signature Set Sizes.

See IPS Status

To see statistics on current IPS activity and update the IPS signatures, from Firebox System Manager. For more information, go toApplication Control and Intrusion Prevention Service Statistics.

To see statistics on current IPS activity and update the IPS signatures, from Fireware Web UI, go to the Dashboard > Subscription Services page. For more information, go to Subscription Services Status and Manual Signatures Updates.

Related Topics

Video tutorial: Getting Started with IPS