Intrusion Prevention

  • 1.  Default Service in Rules

    Posted 04-15-2010 08:07

    Hi All,

     

    When you create a new policy or use one of the canned policies, I noticed that the Service field always says Default.  Does anyone know what the default service is actually made up of?

     

    At first I thought it included everything, but noticed that you can replace the default with an ANY.

     

    Also, looking through the services manager, I don't see a group called default.

     

    Thanks,



  • 2.  RE: Default Service in Rules
    Best Answer

    Posted 04-16-2010 09:10

    Hi,

     

    It's my understanding that if you don't specify a service, the service field inherits its value from the Attack Objects specified in the rule.  So if you select "Default" the sensor is going to match packets based upon source and destination, then examine packets based on the specified attack.  However, I typically prefer to match on source, destination and service to rule out any anomalies.  I hope this helps.

     

    -John