Once you have the Enhanced Firewall Services (EFS) feature activated at the Enterprise level, now you can view the details of the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) Signatures that an Edge is using to filter the traffic from the VMware SASE Orchestrator.
You can view the IDS/IPS Signatures at the Enterprise level by logging into the
SD-WAN service of the Enterprise portal and navigating to the
Configure > Security > IDS/IPS Signatures page.
The IDS/IPS Signatures page displays the Default signature details such as name and file version of the signature, total number of intrusion signatures present in the downloaded bundle, and the date and time when the signature data is uploaded.
You can click the link under the
Total Intrusion Signaturescolumn to view the following additional details about the signatures present in the downloaded bundle. You can use the Search and Filter options in the UI to search and find any specific signatures within the bundle.
Field
Description
SignatureId
Unique ID of the IDS signature.
IDS Severity
Signature severity of the intrusion. The following are the Severity rating:
Critical
High
Medium
Minor
Low
Suspicious
Product Affected
Illustrates what product is vulnerable to the exploit.
Attack Target
Target of the attack.
Attack Type
Type of attack, such as trojan horse, or denial of service (DoS).
CVSS
Common Vulnerability Score of the vulnerability targeted by the exploit.
CVE(s)
CVE reference of the vulnerability targeted by the exploit.
