In the Event Policy section of the FIREWALL > Intrusion Prevention page, define the actions to be taken when the IPS engine detects suspicious network traffic with the following threat levels: Critical, High, Medium, Low, and Information. When the firewall operates in Report Mode, you can adjust only the Log settings. When the firewall operates in Enforce Mode, you can also modify the Action for each severity.
Available Action settings include:
- Drop – Blocks network traffic where malicious activities were detected.
- Log Only – Reports network traffic where malicious activities were detected.
- None – No action is taken.
Available Log settings include:
You can view detected threats on the BASIC > Recent Threats page.