Ignore connection: stop scanning rest of the traffic if attack is detected !!!!
>what is going to happen next ?
>>would someone please explain what is the specific function of ignore connection, when to use it ???
Hi AhmedMohamed,
Ignore-connection is used when you only need to detect an attack. The use case for this is for highly sensitive traffic where you do not want to introduce latency by scanning the complete session. The moment you detect an attack you essentially disable IPS rulebase for that specific connection.
Regards,
Anand
Best use case is in an environment with a development zone where they develop nonstandard apps and other testing that could appear to the IDS as an attack. You would configure this option for that specific zone since it would be known and not a real attack.