Hello, I'm trying to understand what is difference in following actions on IPS signature: Block, Reset, Quarantine. From the user view is traffic blocked in all cases, right? I understand that Quarantine puts IP adres on quarantine list so admins could easily check what is quarantined. But is there some more sophistiated using of these actions?
Thank you Petr
Solved! Go to Solution.
Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.
I prefer to use block where possible as resets will alert attackers that there is an IPS active.
Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.
I prefer to use block where possible as resets will alert attackers that there is an IPS active.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.