The Rules page is used to specify the actions to apply when a rule is triggered.
Topics:
- Where are rules defined?
- How can I specify the action to take when a rule triggers?
- How can I see which rule-based controls are active?
- How can I cancel a control?
Where are rules defined?
The rules on this page are defined using the Sentinel: Signatures>Configure page. When a rule triggers, an action can be triggered based on the address of the host that triggered the rule. This page is used to specify the action that will be applied.
How can I specify the action to take when a rule triggers?
The table contains a row for each rule that has been defined. A Control Action setting is available for each rule. Possible values are:
- None, don't take any control action when this rule triggers.
- Priority, lower the priority of traffic from the host that triggered the rule.
- Rate Limit, rate limit the switch port connnected to the host that triggered the rule.
- Block, disable the switch port connected to the host that triggered the rule.
Once the the desired control actions have been specified, click on the Submit button for the changes to take effect.
Note: Control actions will only be applied to rules that trigger after the change has been made. The policy change will not effect existing controls or cause controls to be applied to hosts that have previously triggered rules.
WARNING Control actions that are implemented based on rules must be manually cancelled.
How can I see which rule-based controls are active?
The Sentinel: Controller>Controls page lists all the currently active controls. Rule-based controls can be identified because their Source will be identified as Event.
How can I cancel a control?
The Sentinel: Controller>Controls page lists all the currently active controls and allows controls to be removed. Rule-based controls can be identified because their Source will be identified as Event.