Threats that are detected by the IPS engine are listed in the Threat Scan tab of the Firewall interface of a Barracuda NG Firewall. This user interface provides a detailed view of information to each detected threat.
Firewall Threat Scan Interface
The Threat Scan interface can also be used to detect and manage false positive detections. If one of the entries listed was detected as malicious but should be allowed instead,
- Select the desired entry.
- Select Add IPS Overrides in the upper bar.
- In the False Positive interface, click Send Changes and Activate.
The entries are added to the IPS False Positives list of the Barracuda NG Firewall and, if present, to the Barracuda NG Control Center where you can import them. Entries added to the IPS False Positives list will automatically get the None action and can be edited in the IPS False Positive interface.
With IPS enabled, it may happen that the engine detects network traffic that seems to be suspicious, but in special circumstances needs to be allowed by the system administrator. To manage these threats, proceed as follows:
- Go to the Config > Full Config page.
- Open the Box > Virtual Servers > Assigned Services > Firewall > IPS Exception Database page.
- Click Lock.
By selecting an entry, further modifications can be done by simply clicking the desired cell in the table. To extend a matching policy it is possible to enter * (ALL) in the columns IPS Signature ID, Source, Port and Destination. A blank cell represents * (All). It is also possible to manually create or copy false positives entries. To do so, click Add to create a new entry and configure as desired.