Firewall Violation Outbreaks

Define a firewall violation outbreak by the number of firewall violations and the detection period.

OfficeScan comes with a default notification message that informs you and other OfficeScan administrators of an outbreak. You can modify the notification message to suit your requirements.

  1. In the Criteria tab:

    1. Go to the Firewall Violations section.

    2. Select Monitor firewall violations on networked computers.

    3. Specify the number of IDS logs, firewall logs, and network virus logs.

    4. Specify the detection period.

    OfficeScan sends a notification message when the number of logs is exceeded. For example, if you specify 100 IDS logs, 100 firewall logs, 100 network virus logs, and a time period of 3 hours, OfficeScan sends the notification when the server receives 301 logs within a 3-hour period.

  2. In the Email tab:

    1. Go to the Firewall Violation Outbreaks section.

    2. Select Enable notification via email.

    3. Specify the email recipients.

    4. Accept or modify the default email subject and message. You can use token variables to represent data in the Subject and Message fields.

      Variable    Description
      %A          Log type exceeded
      %C          Number of firewall violation logs
      %T          Time period when firewall violation logs accumulated

  3. Click Save.
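
The threshold example in step 1 (100 IDS logs, 100 firewall logs, 100 network virus logs, 3 hours, notification at 301 logs) can be modelled as follows to cross-check exported logs against the configured criteria. This is an added example, not OfficeScan code: the sliding-window counting, the function names, the sample logs, the message template, and the rendered form of %T are all assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Values from the page's worked example: 100 logs per type, 3-hour period.
THRESHOLDS = {"ids": 100, "firewall": 100, "network_virus": 100}
PERIOD = timedelta(hours=3)


def first_outbreak(logs, thresholds=THRESHOLDS, period=PERIOD):
    """Return (timestamp, count) for the first log that pushes the number of
    logs inside the trailing detection period above the summed thresholds,
    or None if that never happens. Assumption: a sliding window, with the
    three log types counted together as in the page's 301-log example."""
    limit = sum(thresholds.values())        # 300 for the page's example
    window = deque()
    for ts, log_type in sorted(logs):
        if log_type not in thresholds:
            continue                        # not a firewall violation log type
        window.append(ts)
        while ts - window[0] >= period:     # drop logs older than the period
            window.popleft()
        if len(window) > limit:
            return ts, len(window)
    return None


def render(template, count, period=PERIOD):
    """Expand the page's %C and %T tokens in a constructed template.
    The text produced for %T is an assumed format; %A is left untouched."""
    hours = period.total_seconds() / 3600
    return template.replace("%C", str(count)).replace("%T", f"{hours:g} hour(s)")


def sample_logs(n, spacing):
    """Constructed input: n evenly spaced logs cycling through the three types."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    kinds = list(THRESHOLDS)
    return [(start + i * spacing, kinds[i % 3]) for i in range(n)]


if __name__ == "__main__":
    hit = first_outbreak(sample_logs(301, timedelta(seconds=30)))  # 301 logs in 2.5 h
    print(render("%C firewall violation logs within %T", hit[1]))
    print(first_outbreak(sample_logs(301, timedelta(minutes=1))))  # same count over 5 h
```

The second call returns None because 301 logs spread over 5 hours never put more than 300 inside any 3-hour period.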
