WatchGuard x1000 用户指南
Integrating Intrusion Detection
User Guide
193
and monitor sites that attempt access to restricted ports on
your network.
your network.
Configuring a service to temporarily block
sites
sites
Configure the service to automatically block sites that
attempt to connect using a denied service. From Policy
Manager:
attempt to connect using a denied service. From Policy
Manager:
1
Double-click the service icon in the Services Arena.
The Properties dialog box appears.
2
Use the Incoming service Connections Are drop list to
select Enabled and Denied.
select Enabled and Denied.
3
Select the checkbox marked Auto-block sites that
attempt to connect via
attempt to connect via
service, located at the bottom of
the dialog box.
Viewing the Blocked Sites list
The Blocked Sites list is a compilation of all sites
currently blocked by the Firebox. Use Firebox
Monitors to view sites that are automatically
blocked according to a service’s property configuration.
From System Manager, click the Blocked Site List tab at
the bottom of the graph. (You might need to use the arrows
to access this tab.)
currently blocked by the Firebox. Use Firebox
Monitors to view sites that are automatically
blocked according to a service’s property configuration.
From System Manager, click the Blocked Site List tab at
the bottom of the graph. (You might need to use the arrows
to access this tab.)
Integrating Intrusion Detection
Intrusion detection is an important component of a
defense-in-depth security policy. A good intrusion detec-
tion system (IDS) examines over time the source, destina-
tion, and type of traffic directed at your network and
compares it against known patterns of attack. When a
match occurs, it tells you the nature of the attack and rec-
ommends possible courses of action.
defense-in-depth security policy. A good intrusion detec-
tion system (IDS) examines over time the source, destina-
tion, and type of traffic directed at your network and
compares it against known patterns of attack. When a
match occurs, it tells you the nature of the attack and rec-
ommends possible courses of action.