A hard-coded IPS Quarantine action performs traffic management and reradiates Web
requests as block actions or redirects them to a web page detailing issues they may
have about their system. You can also add accessible web sites allowed to the host
while blocking all other access, such as to a virus detection company or software
update web site.
The default IPS Quarantine action is set to block all traffic from hosts identified
for quarantine, but you can modify these settings. For example, you may want to redirect
suspect Web requests to a specified Web server. Incorporating this action in a policy
with notification actions can provide an effective defense.
When the SMS has an IPS escalation policy with the IPS Quarantine action, it sends
the unquarantine command to ALL managed devices, including the originator.
IPS Quarantine Response (Hidden) Action describes how the IPS behaves when the SMS
adds an IP to its list of responded to IP addresses. You can edit this action to better
meet the needs of your environment.
The IPS Quarantine action configured on an IPS device provides a first layer of defense.
Using the SMS Quarantine response action provides greater flexibility in targeting
quarantine behavior. Before you set up this action, you must configure a Profile action
set for Active Responder.