Operation Manual

4. Set up regularly scheduled signature updates in the configuration pages, or update manually in ECM via the
Devices or Groups page (click on Commands in the top toolbar and select Update IPS Signatures from the
dropdown options).
NOTE: Updating the signature database version causes a network disruption for a few seconds. You can schedule these
updates to occur during days/times when you expect less traffic on your network.
Status
The Status section shows if Threat Management is enabled. It shows the current signature database version number,
the timestamp for the most recent update, and the status of the most recent attempt to update signatures.
Click on the Update button to check for a new signature database version.
Global Settings
Customize your Threat Management implementation (choose between IPS and IDS, set up a signature update
schedule, etc.).
Operation Mode: Choose IPS, IDS, or neither.
Disabled
Detect and Prevent (default) – IPS mode
Detect Only – IDS mode
In both Detect and Prevent and Detect Only modes, detected packets are logged to the System Log as well as sent to
your ECM account.
Engine Failure/Error Action: In the unlikely event of an error with the Threat Management engine, you have the
following options:
Allow Traffic (default)
Deny Traffic
With Allow Traffic selected, the device will act like a typical router without Threat Management enabled and route
traffic as usual. If security is a huge concern, however, you may wish to select Deny Traffic to stop all traffic when
Threat Management isn't working properly.
Application ID Logging: (Disabled by default.) The DPI engine can identify network traffic applications and send this
information to the system logs. Depending on your network traffic uses, application ID logging may send huge amounts