Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
petrklinkovsky
New Contributor

IPS - Block vs. Reset vs. Quarantine

Hello, I'm trying to understand what is difference in following actions on IPS signature: Block, Reset, Quarantine.  From the user view is traffic blocked in all cases, right? I understand that Quarantine puts IP adres on quarantine list so admins could easily check what is quarantined. But is there some more sophistiated using of these actions?

Thank you Petr

1 Solution
neonbit
Valued Contributor

Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.

 

I prefer to use block where possible as resets will alert attackers that there is an IPS active.

View solution in original post

1 REPLY 1
neonbit
Valued Contributor

Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.

 

I prefer to use block where possible as resets will alert attackers that there is an IPS active.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors