Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

How do I edit the IPS Quarantine Default Action on the SMS?

    • Updated:
    • 14 Dec 2017
    • Product/Version:
    • TippingPoint SMS All
    • TippingPoint Virtual SMS
    • Platform:
Summary
The SMS provides a hard-coded IPS Quarantine action. This action performs traffic management as well as remediates web requests to be block actions or redirected to a web page detailing issues they may have regarding their system. You can also add accessible web sites allowed to the host while blocking all other access, such as to a virus detection company or software update web site. The default IPS Quarantine action is set to block all traffic from hosts identified for quarantine. You can modify these settings. For example, you may want to redirect suspect web requests to a specified web server. Incorporating this action in a policy with notification actions can provide an effective defense.
Details
Public

Procedure:

Note: To use this action you must configure a Profile action set for Active Response.

  1. Log in to the SMS from a client.
  2. Navigate to the Responder > Actions tab screen.
  3. On the Response Actions section do one of the following:
    • Double-click the IPS Quarantine entry.
    • Highlight the IPS Quarantine entry and click Edit.
    • Highlight the IPS Quarantine entry, right-click and select Edit.
    • Highlight the IPS Quarantine entry and from the top menu select Edit > Preferences.
  4. The Edit Response Action setup wizard displays.
  5. If you want to customize the Action Name, type a new name for the action. You cannot change the action type.
  6. Select Quarantine Settings tab and select one of the following options:
    • Web Requests
      • Select Block.
      • Select Redirect to a web server. If you select Redirect, enter a web site to access.
      • Select Display quarantine web page.
    • Other Traffic- Select Block or Permit for the response to host traffic.
  7. To allow quarantined hosts to access specific sites, select Quarantine Exceptions in the navigation tree and then click New to create a new listing or select an existing listing and click Edit.
  8. If you prefer another name for the action, enter the new Name.
  9. Enter the Address and select CIDR, IP Mask, or Any IP.
  10. Click OK.
  11. If you want to test this action, click Test.
  12. On the Edit Response Action screen, click OK. Add this action to a policy that specifies the values that trigger the response action.

Reference: SMS User Guide

Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000097226
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.