Activating the relevant inspection checks

The Rules tree is the main tool for controlling deep inspection.

Traffic patterns of interest are defined in Situation elements. The inspection checks are based on selecting the reaction to the Situations when the pattern is found. It is not mandatory to create any additional Situation elements to activate inspection checks, because there are many default Situation elements and they are continuously updated through dynamic update packages.

The Rules tree on the Inspection tab is the main tool that allows you to select which traffic patterns are permitted and stopped. You can also select whether a log entry or an alert is triggered, and whether matching traffic is recorded. All Rules in the Rules tree can be edited, including overrides that have been set in a higher-level template. The Rules tree can contain a maximum of one instance of each Situation to prevent the definitions within the Rules tree from overlapping.