Network Intrusion Prevention capabilities are part of the Cloud Edge base functionality. An Intrusion Prevention System (IPS) identifies and stops many threats, exploits, back-door programs, and other attacks as they pass through the device. An IPS can bolster a firewall's security policy by further inspecting traffic that the firewall rule policy allows, to make sure it does not contain threats.
IPS profiles determine the level of protection against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default profile protects clients and servers from known threats.
Patterns used to detect threats are released before official updates or patches become available, protecting businesses during this crucial period. Cloud Edge IPS is a deep-packet-inspection system that looks inside traffic packets, compares their contents against a deployable rules list of several hundred patterns, and removes packets that contain undesired content. This signature list of patterns is live-updated every few minutes and constantly adapts and evolves to keep you protected from threats as soon as they emerge or spread.
IPS provides protection against common attack types, such as:
Malformed traffic/Invalid header attacks
Malware and blended attacks
TCP Segmentation and IP Fragmentation attacks
To assist you in understanding what threats Cloud Edge IPS profiles detect and provide protection against, Cloud Edge provides the BID/CVE number for a detected IPS violation where possible. See Where to Find IPS BID/CVE Information for details about where to find this information.
Use customized profiles to minimize vulnerability checking for traffic between trusted security zones and to maximize protection for traffic received from untrusted zones (Internet) as well as the traffic sent to highly sensitive destinations (server farms).
If you deploy the Cloud Edge gateway with a hardware switch chipset in Bridge Mode, only the High Security intranet security setting fully supports IPS scanning for intranet traffic.
With the Balanced intranet security setting, some L2-L3 flood and port scan patterns work for intranet traffic. You can configure settings for these IPS patterns when configuring the switch interface (sw0).
IPS is not supported with the High Speed intranet security setting for intranet traffic.
All three intranet security settings support IPS on the external network.