Configuring Intrusion Prevention Using the Web UI

Before you configure intrusion prevention, update the intrusion prevention signature database or, if necessary, configure user-defined signatures, create intrusion prevention profiles, reference signatures matching the specified conditions in the intrusion prevention profiles, and apply the intrusion prevention profiles in the security policies.

Updating the Signature Database: When a device is delivered, the signature database may not meet the actual requirements. For example, the signature database capability is small or the signature database is outdated. In this case, you are advised to update the intrusion prevention signature database and malicious domain name signature database immediately after the device is booted, and update the two signature databases in a timely manner during O&M to better defend against threats on the network.

Configuring Signatures: This section describes how to configure intrusion prevention signatures. A signature contains the features of a network intrusion. The device compares the received data flow with intrusion prevention signatures. If the data flow content matches a signature, the data flow contains threats.

Configuring Intrusion Prevention: You can configure signature filters in an intrusion prevention profile to filter out the signatures containing the same features and set an action for the threats matching these features. You can also add a signature as an exception and configure a different action for the exception signature.

Verification and Check: This section describes the verification and check operations after the intrusion prevention feature is configured.