The Traffic Blocked by IPS page displays real-time data of traffic blocked by the intrusion prevention system (IPS) of Cloud Firewall. The data includes source locations, destination IP addresses, and applications of the traffic, IPS modules used to block the traffic, and the traffic blocking event details. This topic describes data that is displayed on the Traffic Blocked by IPS page and the operations that you can perform on this page.

Prerequisites

Basic Policies on the Intrusion Prevention page is turned on.Basic policies

Overview

The Traffic Blocked by IPS page displays data of traffic blocked by the Internet firewall and VPC firewalls. You can view details on the Internet Traffic Blocking or VPC Traffic Blocking tab. To go to the Traffic Blocked by IPS page, choose Traffic Analysis > Traffic Blocked by IPS in the left-side navigation pane.Traffic blocked by IPS

Internet Traffic Blocking

On the Internet Traffic Blocking tab, you can view the inbound or outbound traffic that is blocked in the last one hour, one day, seven days, one month, or a custom time range within the last three months.Traffic Blocked by IPS

The Internet Traffic Blocking tab contains the following sections:

  • The Most Blocked Source Locations section displays the source and destination locations of inbound and outbound traffic blocked by the Cloud Firewall IPS.The Most Blocked Source Locations
  • The Blocked Destination IP Addresses section displays the destination IP addresses of inbound or outbound traffic blocked by the Cloud Firewall IPS.Blocked Destination IP Addresses

    If you want to view details about a blocked destination IP address, click the View Logs icon to go to the Log Audit page. In the log list, you can view the destination port and application of the IP address, and the actions that you can perform on the IP address.

  • The Blocked Applications section displays the top five applications whose inbound and outbound traffic is blocked by the Cloud Firewall IPS.Blocked Applications
  • The Blocking Criteria section displays the percentage of traffic blocked by each IPS module.Blocking Criteria
  • The Detailed Data section displays details about each traffic blocking event, including the risk level, number of times the event occurred, source IP address, and destination IP address.Detailed Data

    In the Detailed Data section, you can perform the following operations:

    • Search for events based on the risk level, module, traffic direction, or time range.
    • Click View Details in the Action column to check details about a traffic blocking event.Event details

References