During the last two years we have received feedback from Gartner, as well as from some customers, that StoneGate IPS is certainly efficient but that it is a bit difficult to configure inspection rules for the device. The other feedback we have noticed in customer interviews is that administrators are not aware of all of StoneGate’s inspection capabilities. Administrators don’t seem to have time to configure and manage Inspection rules as granularly as they manage the FW access rules.
In StoneGate 5.2 we have now answered your needs. There is a brand new way of configuring inspection rules with the help of a new Inspection Rules panel. Read on to see how to configure the Inspection rules with SMC 5.2.
In this new “Inspection Rules” panel you can see all the 4000+ Situations categorized by Situation Type. At a glance you can see how the engine handles each type of Situation. Changing actions and logging levels is very easy. Whenever you see false positives in the logs, you just open the related policy from the right-click menu. The system then highlights the corresponding Situation in the Inspection Panel, where you can directly change the action or logging level for that particular Situation or for that type of Situation.
A good starting point for inspection configuration is to inherit the System Template, which is actively maintained and updated by the Stonesoft Vulnerability Analyst Group. The System Template defines the default action and logging level for each Situation. The inherited default value can of course be overridden in the policy.
The new “Inspection Rules” panel is available in both FW and IPS Policies. The panel defines the action and logging level for all Situations. Those values apply regardless of the source address, destination address or protocol. If you need a more granular inspection configuration, you can still use “Exception Rules”, which are always handled before the default value from the new panel is checked. During migration, all your existing inspection rules are displayed as Exception Rules.