Symantec 10521146 Administration Guide - Page 112
Responding to malicious or suspicious events, Understanding the protection policy work area
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 112 highlights
112 Protection policies Understanding the protection policy work area For example, when the 7100 Series appliance is deployed in-line, it can perform session-based blocking against malicious traffic and prevent attacks from reaching their targets. Responding to malicious or suspicious events Starting with a basic understanding of the usual traffic patterns on your network, you can configure Symantec Network Security to respond automatically to threats at the point of entry and beyond: ■ Direct the protection: If the data indicates that unexpected traffic is about to penetrate the firewall or router, you can block it by configuring a protection policy with blocking enabled. The option to block is available only using a Symantec Network Security 7100 Series appliance that is deployed in-line. See "Overriding blocking rules globally" on page 115. ■ Direct the response: You can configure Symantec Network Security to respond automatically to traffic across the network by configuring a response rule, such as alerting, capturing data, tracking, and more. See "Setting response actions" on page 141. Understanding the protection policy work area The Protection Policies work area contains five tabs as follows: Protection Policies Search Events Full Event List Auto Update Notes * Set policies to interfaces * Override blocking rules * Apply/Unapply policies * Set search criteria * Search * View Search Events * Adjust view of list * Select events to apply logging and/or block rules * View unaltered event list * Adjust view of list * Select events to apply logging and/or blocking rules * Configure LiveUpdate so any new event types that match criteria are logged * Annotate policies to show notes as tool tips