Customize filter settings using the GUI

You might need to override the recommended action for individual filters because of specific network requirements, or in cases where the recommended settings for a filter interact poorly with your network.

If traffic matches a filter, the Network Security service responds to that traffic based on the instructions defined in the action set for the filter. All action sets require a flow control action—to block, permit, or to react in a combination of ways to the traffic. You can also log information about matching traffic to a packet trace log or a Splunk server for review and reporting.


NOTE

After you distribute any filter customizations you make in the following procedure, any filter customizations you have previously made using the command line interface (CLI) will be overridden.


  1. From the navigation panel, select the Policy icon and select Intrusion Prevention Filtering.

  2. Do one of the following:

    • To customize the settings of a single filter, click the Configuration Settings cog to the right of the filter.
    • To make the same setting changes for several filters at one time, select the checkbox next to all applicable filters listed or, optionally, check the checkbox at the top (next to the date) to select all of the filters displayed. A maximum of 100 filters can be displayed and edited at one time. Then click the Configuration button at the top of the page.
  3. Select Use customized actions. You can configure the following options, and your configuration updates will be applied to all the filters you have selected:

    | Action | Description |
    |---|---|
    | Filter state | Determines whether filters are enabled or disabled. |
    | Flow control | A Block action discards a packet. A Permit action enables a packet to reach its intended destination. A Trust action enables the designated traffic to bypass all inspection; the traffic is transmitted immediately. |
    | Log Event | Sends log events to your syslog repository (such as a Splunk server). Can be used with either Block or Permit settings. |

  4. Adjust the settings and click Save.

If the attempt was successful, a Customized designation is displayed next to the filter's configured settings on the Intrusion Prevention Filtering page.

After you customize a filter, you must redistribute the filter.