Once you have the Enhanced Firewall Services (EFS) feature activated at the Enterprise level, now you can view the details of the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) Signatures that an Edge is using to filter the traffic from the VMware SASE Orchestrator.
You can view the IDS/IPS Signatures at the Enterprise level by logging into the
SD-WAN service of the Enterprise portal and navigating to the
page.
The IDS/IPS Signatures page displays the Default signature details such as name and file version of the signature, total number of intrusion signatures present in the downloaded bundle, and the date and time when the signature data is uploaded.
You can click the link under the
Total Intrusion Signaturescolumn to view the following additional details about the signatures present in the downloaded bundle. You can use the Search and Filter options in the UI to search and find any specific signatures within the bundle.
Field | Description |
---|---|
SignatureId | Unique ID of the IDS signature. |
IDS Severity | Signature severity of the intrusion. The following are the Severity rating:
|
Product Affected | Illustrates what product is vulnerable to the exploit. |
Attack Target | Target of the attack. |
Attack Type | Type of attack, such as trojan horse, or denial of service (DoS). |
CVSS | Common Vulnerability Score of the vulnerability targeted by the exploit. |
CVE(s) | CVE reference of the vulnerability targeted by the exploit. |