Important steps to consider before activating the IPS module
While you can immediately activate the IPS module in your Enforcer portal we recommend against this as it may stop legitimate services from functioning. The IPS module considers all direct IP addresses or non DNS based connections as suspicious and they are flagged and blocked.
There are often important services such as VOIP, file-sharing and others that will be negatively impacted by activating the IPS module without first determining what traffic is legitimate and necessary and taking action to ensure that it is not blocked.
We strongly suggest you follow the steps in the procedure below before activating the IPS module.
Recommended procedure for IPS activation:
Step 1
Log into your LucidView Enforcer Management Portal
Step 2
Beneath the tab “Enforcer Management” you will see the heading “Enforcer Count”, click on “View All”.
Step 3
Choose the Enforcer for which you would like to enable the IPS feature. Click on the magnifying glass and activate the IPS module by ticking the box. Please click here for more information.
Step 4
Click on “Login” of the Enforcer that you enabled the IPS for.
Step 5
Now beneath the Security and IPS Module/Heading you will see “Visit Security Centre”, click on that link.
Step 6
Generate and review the Security Risk Reports provided in your portal. These reports can be quickly accessed by clicking on the “Security Center” link in your Enforcer portal, this opens your Enforcer Security Center where you will see a link allowing you to Generate Security Risk Report. Click on this link to access the following reports:
- Security Risk Report – Protocol
- Security Risk Report – Internal
- Security Risk Report – External
These reports will show you all the direct IP addresses and non-DNS based connections on the network. We highly recommend you go through the reports and determine what is legitimate and what is not.
Step 7
Whitelist the IPs that are determined to be legitimate. For more info on how to whitelist an IP address please visit this page.
Once all the IP addresses that are identified as legitimate and necessary have been added to the whitelist you can confidently activate your IPS Module.