ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Firewall Protection 5-49
v1.0, January 2010
Using the Intrusion Prevention System
The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real
time, network attacks and port scans and to protect your network from such intrusions. You can set
up alerts, block source IP addresses from which port scans are initiated, and drop traffic that
carries attacks. You can configure detection of and protection from specific attacks such as Web,
e-mail, database, malware, and other attacks. The IPS differs from the malware scan mechanism
(see “Configuring Web Malware Scans” on page 6-21) in that it monitors individual packets
whereas the malware scan mechanism monitors files.
The IPS also lets you tune port scan detection to your needs and protect the network from
unwanted port scans that could compromise network security.
The IPS is disabled by default. To enable intrusion prevention and configure port scan detection:
1. Select Network Security > IPS from the menu. The IPS submenu tabs appear, with the Global
(IPS) screen in view.
2. To enable the IPS, select the ON radio button. The default setting is OFF.
3. Configure port scan detection by selecting one of the following radio buttons:
• OFF. Port scan detection is disabled. This is the default setting.
• ALERT. When a port is scanned, an alert is e-mailed to the administrator who is specified
in the Email Notification screen.
• Block Source IP. When a port is scanned, the IP address of the PC or device that scans the
port is blocked for the duration that you specify in the Seconds field. The default setting is
300 seconds.
4. Click Apply to save your settings.
Figure 5-30