Example: exempting traffic from inspection in IPS Access rules

An example of using IPS Access rules to allow specific traffic without deep inspection.

At Company A, there is an IPS engine deployed between the general office network and a subnetwork.

Figure: Company A's networks



The subnetwork contains several servers that provide services to the general office network, as well as the Management Server and Log Server. There is also a Firewall deployed between the internal and external networks.

There is heavy traffic to the subnetwork where the internal servers are. To reduce the IPS engine's workload, the administrators decide to exempt the log transmissions between the Firewall and the Log Server from being inspected against the Inspection Policy.

The administrators:
  1. Create an IPS policy based on the IPS Template to replace the Default IPS Policy that they have currently installed.
  2. Add a rule in the Access rules for their IPS engine:
    Table 1. Access Rule for exempting traffic from inspection against the Inspection policy

    | Source | Destination | Service | Action | Options |
    |---|---|---|---|---|
    | Firewall | Log Server | SG Engine to Log | Allow | Deep inspection: Off |
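
The following Python model is an added example, not code or an API from the product. It shows how narrowly the rule in Table 1 scopes the exemption, and how to flag exemption rules that are scoped too broadly. It assumes rules are read top-down and the first match applies; the catch-all second rule and the names `Office PC` and `SSH` are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "ANY"

@dataclass(frozen=True)
class AccessRule:
    source: str
    destination: str
    service: str
    action: str
    deep_inspection: bool

# Rule 1 is the row from Table 1. Rule 2 is a constructed catch-all that
# stands in for the rest of the policy, where deep inspection stays on.
RULES = [
    AccessRule("Firewall", "Log Server", "SG Engine to Log", "Allow", False),
    AccessRule(ANY, ANY, ANY, "Allow", True),
]

def _matches(cell, value):
    return cell == ANY or cell == value

def evaluate(rules, source, destination, service):
    """Return the first rule that matches the connection (assumed first-match)."""
    for rule in rules:
        if (_matches(rule.source, source)
                and _matches(rule.destination, destination)
                and _matches(rule.service, service)):
            return rule
    return None

def broad_exemptions(rules):
    """Return Allow rules that turn deep inspection off while any cell is ANY."""
    return [r for r in rules
            if r.action == "Allow" and not r.deep_inspection
            and ANY in (r.source, r.destination, r.service)]

if __name__ == "__main__":
    # Constructed sample connections: only the first should bypass inspection.
    for conn in [("Firewall", "Log Server", "SG Engine to Log"),
                 ("Firewall", "Log Server", "SSH"),
                 ("Office PC", "Log Server", "SG Engine to Log")]:
        rule = evaluate(RULES, *conn)
        state = "off" if not rule.deep_inspection else "on"
        print(conn, "-> deep inspection", state)
    print("over-broad exemptions:", broad_exemptions(RULES))
```

Only the log transmission from the Firewall to the Log Server bypasses inspection; any other service between the same hosts, or the same service from another source, still falls through to the inspected rule.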