After you install valid threat protection licenses, you can configure rule update settings for the Grid. The Grid settings apply to all members in the Grid. You can use an existing threat protection ruleset or a threat protection profile. A threat protection profile defines the specific security settings and ruleset that you want to apply to a specific member or a group of members. For more information about rulesets, see Understanding Threat Protection Rulesets and Rules. For information about threat protection profiles, see Configuring Threat Protection Profiles. In the Member Security Properties editor, which you open by selecting a member and clicking Edit, you can override only two settings: the global Event per second filter (in the Basic tab) and the Disable multiple DNS requests via single TCP session option (in the Advanced tab).
To configure rule settings for the Grid or an individual member:
In the Threat Protection Ruleset Updates section, define the rule update policy. The appliance automatically performs rule updates by default. You can choose to manually publish rule updates. For information about how to manually update rules, see Manually Uploading Rulesets and Publishing Rule Updates.
Note
When you select this, ensure that you configure and enable a valid DNS resolver for the Grid in the Grid Properties editor so the appliance can successfully access the updated ruleset file.
If your network environment does not allow direct HTTP or HTTPS communication with the Internet through a firewall from the secure location in which the Grid Master or the standalone appliance resides, you can configure the Advanced Appliance to use a proxy server and receive automatic threat protection updates through that connection. Configured proxy settings apply to the entire Grid. You cannot configure proxy settings for individual members. For information about how to configure proxy servers, see Configuring Proxy Servers.
In the Schedule section, define the schedule for automatic ruleset downloads. The following options are enabled only when you have selected Enable Automatic Ruleset Downloads:
Note
When you schedule automatic ruleset downloads, the downloads are performed within 15 minutes before or after the scheduled time. If you have multiple Grid members configured for downloads, the same offset time applies to all members when the first member is unreachable. Downloads to the next reachable member do not happen right after a download fails on the unreachable member. The offset time is put in place to prevent all members from performing downloads at the same time.
In the Threat Protection Logging section, define the events per second per rule value to allow the appliance to log events in the syslog:
3. Save the configuration. To publish changes, click Publish if it appears at the top of the screen. Note that NIOS does not require a restart of the threat protection service after rule updates.