Symantec 10521148 Implementation Guide - Page 124
About protection policies, Creating and applying protection policies
116 Configuring detection and response
Creating and applying protection policies

About protection policies

A protection policy contains detection components such as signatures and protocol anomaly detection (PAD) events, plus logging and blocking rules. The rules define whether a detected event is logged, blocked, or both. Actions beyond logging or blocking are controlled by the response rules you define in a separate area of the Network Security console.

See "About response rules" on page 124.

For detailed information about protection policies, including detection components, sensor parameters, PAD-related port mapping, and custom signatures, see the Symantec Network Security Administration Guide.

Symantec Network Security provides a number of predefined protection policies that you can apply directly, or clone and customize to suit your needs. You can apply a policy to one or more interfaces, but an interface can have only one policy applied to it at a time. If you apply a new policy to an interface, it replaces the previous policy.

Protection policies that specify blocking on certain events can be applied only to in-line interface pairs on the 7100 Series. Once you apply a blocking policy to an in-line pair, you can enable or disable the designated blocking functionality for the in-line pair with a single mouse click.

Creating and applying protection policies

Symantec Network Security provides several predefined protection policies for your convenience, four of which contain blocking rules for in-line interfaces. You can:

■ Use one of the predefined protection policies
■ Clone a predefined policy, and then modify the clone
■ Create a new policy by selecting events from the master event list and adding logging or blocking rules

You cannot edit or delete the predefined policies.