Symantec 10521148 Implementation Guide - Page 39
In-line mode, Blocking and alerting
Page 39 highlights
Deploying the 7100 Series, page 31
Deployment options

Note: Passive mode does not provide the ability to block malicious traffic from reaching its destination. The attack is detected on its way to the target. Blocking is only available using in-line mode. See "In-line mode" on page 31 and "About protection policies" on page 116.

In-line mode

In-line mode is a powerful mode of deployment that is available only on the Symantec Network Security 7100 Series. This section provides the following information:

■ Blocking and alerting
■ In-line pairs
■ Deployment using in-line mode
■ Comparing in-line mode to passive mode

Blocking and alerting

You can configure in-line mode on your appliance to operate in either of two modes:

■ Alerting: Sends configurable alerts using email, pagers, SNMP, and console pop-ups. Provides configurable responses such as sending TCP resets, executing scripts or programs, traffic recording, and more.
■ Blocking: Prevents malicious traffic from entering your network. Also provides the same configurable alerts and responses offered in alerting mode.

Both operating modes provide logging of suspicious or malicious events, including the display of events and incidents on the Network Security console.

In-line alerting mode provides the same capabilities as passive mode (see "Passive mode" on page 30). The advantage of in-line alerting mode over passive mode is that you can quickly switch from alerting to blocking mode in the Network Security console.

In-line blocking mode is an important tool for securing your network, because it allows you to stop attacks at the point of detection. Blocking mode on the 7100 Series utilizes Symantec Network Security's powerful analysis software to identify both zero-day attacks and those with known signatures. You can find more information about Network Security's analysis and detection capabilities in the Symantec Network Security Administration Guide.