
firewall third-party-ids enable

Function

The firewall third-party-ids enable command enables interworking with a third-party IDS.

The undo firewall third-party-ids enable command disables interworking with a third-party IDS.

Format

firewall third-party-ids enable

undo firewall third-party-ids enable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

By default, interworking between the FW and a third-party IDS is disabled.

Currently, the FW can interwork with only one type of third-party IDS, namely Suricata.

The third-party IDS identifies malicious traffic and delivers blocking instructions to the FW. Based on these instructions, the FW deletes existing sessions or blacklists source or destination addresses to block attacks.

To secure the transmission of interworking packets, you must directly connect the FW to the third-party IDS and use the firewall third-party-ids trust-interface { interface-name | interface-type interface-number } command to configure trusted interfaces on the FW. The FW analyzes only interworking packets received on trusted interfaces and executes the corresponding instructions.
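
The following check is an added example, not part of the original reference or Huawei's tooling: it audits a saved configuration for the case where interworking is enabled but no trusted interface is configured. It assumes the two commands named above appear verbatim in the saved configuration; the function name, the sample configurations and the interface name are constructed for illustration.

```python
import re

# Command strings are taken from this page; that they appear verbatim in a
# saved configuration is an assumption of this example.
ENABLE = "firewall third-party-ids enable"
TRUST = re.compile(r"^firewall third-party-ids trust-interface\s+(\S.*)$")


def audit_ids_interworking(config_text):
    """Return (enabled, trusted_interfaces, findings) for one saved config."""
    enabled = False
    trusted = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if not line or line.startswith("#"):
            continue
        if line == ENABLE:
            enabled = True
        elif line == "undo " + ENABLE:
            enabled = False
        else:
            m = TRUST.match(line)
            if m and m.group(1) not in trusted:
                trusted.append(m.group(1))
    findings = []
    if enabled and not trusted:
        findings.append("interworking enabled but no trusted interface configured")
    if trusted and not enabled:
        findings.append("trusted interface configured but interworking is disabled")
    return enabled, trusted, findings


# Constructed sample configurations (not taken from a real device).
SAMPLE_MISSING_TRUST = "#\nfirewall third-party-ids enable\n#\n"
SAMPLE_COMPLETE = (
    "#\nfirewall third-party-ids enable\n"
    "firewall third-party-ids trust-interface GigabitEthernet 1/0/1\n#\n"
)

if __name__ == "__main__":
    for name, cfg in (("FW-A", SAMPLE_MISSING_TRUST), ("FW-B", SAMPLE_COMPLETE)):
        print(name, audit_ids_interworking(cfg))
```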

Example

# Enable interworking between the FW and the third-party IDS.

<sysname> system-view
[sysname] firewall third-party-ids enable
Copyright © Huawei Technologies Co., Ltd.