Uploading Custom Intrusion Signatures

1.

Go to the Services > Intrusion system > Signatures page.

2.

Configure the following:

•

Custom signatures — Click Choose File to locate and select the signatures file you want to upload.

Click Upload to upload the file. The Smoothwall uploads the file and makes it available for inclusion in detection and prevention policies on the Services > Intrusion system > Policies page.

Note: Use custom signatures with caution as the Smoothwall cannot verify custom signature integrity.

•

Use syslog for Intrusion logging — Select this option to enable logging intrusion events in the syslog.

•

Oink code — If you have signed-up with Sourcefire to use their signatures, enter your Oink code here.

Click Update to update and apply the latest signature set. The Smoothwall downloads the signature set and makes it available for inclusion in detection and prevention policies on the Services > Intrusion system > Policies page.

Note that updating the signatures can take several minutes.

3.

Click Save.

Any custom signatures you have uploaded, or Sourcefire VRT signatures you have downloaded to the Smoothwall will be listed on the Services > Intrusion system > Policies page. For information about deploying intrusion policies, see Deploying Intrusion Detection Policies and Deploying Intrusion Prevention Policies.

Note: If you choose to delete custom signatures, the Smoothwall will delete all custom signatures. If there are detection or prevention policies which use custom signatures, the signatures will be deleted from the policies.

1.

Go to the Services > Intrusion system > Signatures page.

2.

Locate the relevant signature.

3.

Click Delete.

4.

Confirm the deletion.