Intrusion Prevention




  • 1.  Default Service in Rules

    Posted 04-15-2010 08:07

    Hi All,

     

    When you create a new policy or use one of the canned policies, I noticed that the Service field always says Default.  Does anyone know what the default service is actually made up of?

     

    At first I thought it included everything, but noticed that you can replace the default with an ANY.

     

    Also, looking through the services manager, I don't see a group called default.

     

    Thanks,



  • 2.  RE: Default Service in Rules
    Best Answer

    Posted 04-16-2010 09:10

    Hi,

     

    It's my understanding that if you don't specify a service, the service field inherits its value from the Attack Objects specified in the rule.  So if you select "Default" the sensor is going to match packets based upon source and destination, then examine packets based on the specified attack.  However, I typically prefer to match on source, destination and service to rule out any anomalies.  I hope this helps.

     

    -John