Checks whether the block mode is enabled for the intrusion prevention system (IPS) of Cloud Firewall to allow Cloud Firewall to block malicious traffic and intrusion attempts. If so, the evaluation result is Compliant.
Scenarios
You can enable the block mode for the IPS of Cloud Firewall to allow Cloud Firewall to block malicious traffic and attack behaviors in real-time. This protects internal networks and applications from intrusion threats.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If the block mode is enabled for the IPS of Cloud Firewall, the evaluation result is Compliant. After you enable the block mode, Cloud Firewall blocks malicious traffic and intrusion attempts. If Cloud Firewall is used but the block mode is disabled, the evaluation result is Non-compliant.
Rule details
Parameter | Description |
Rule template name | cfw-ips-runmode-on |
Rule template identifier | |
Automatic remediation | ACS-Cloudfw-ModifyIPSConfig supported |
Trigger type | Periodic: Every 24 hours |
Supported resource type | ACS::::Account |
Input parameter | None |
Non-compliance remediation
For more information, see IPS configuration.