- Feature: IPS with inline enforcement
- Profiles: Default and custom IPS Profiles supported
- Custom Rulesets: Suricata-based, external feed integration
- Automation: Full Terraform and API support
- UI Update: IPS configuration under DCF
Key Features
- Drop Traffic on Signature Match: IPS enforces inline live traffic for immediate protection
- IPS Profiles: Define actions per signature severity (alert or drop). Use the built-in Default IPS Profile or custom profiles with user-defined rule feeds and the ability to ignore individual signatures
- Custom Suricata Rulesets: Apply custom Suricata rule feeds for rapid response to emerging threats
- Per-VPC Control: Apply IPS Profiles to specific VPCs to override defaults, or set custom IPS profiles as default. DCF Policy determines which traffic is inspected by IPS
- Terraform and API Support: Full automation for IPS configuration and profile management
IPS Benefits
- Immediate Enforcement: IPS works inline on the data path for real-time protection
- Granular Control: Different IPS Profiles per VPC; ignore or customize signatures as needed
- Custom Rulesets: Rapid response to emerging threats; tailor rules for unique environments
- Compliance and Security Posture: Meets enterprise requirements for proactive threat prevention
- Reduced Risk: Stops malicious traffic instantly
- Operational Agility: Quick adaptation to new threats
- Enterprise Readiness: Scalable, customizable security for multicloud environments
IPS Enforcement Flow
- Traffic Selection: DCF policy determines which flows are inspected
- Signature Matching: IPS evaluates traffic against Suricata rules
- Action Execution: Alert only (IDS mode) or Drop traffic (IPS mode)
- Logging and Reporting: Events logged with severity, signature ID, and action
Configure IPS
Configure IPS on Aviatrix CoPilot
To configure IPS on Aviatrix CoPilot, follow these steps:
- Go to Security > Distributed Cloud Firewall > IPS.
- Review the Default IPS Profile or create a Custom IPS Profile: define drop actions based on the severity levels of the Suricata rules. For example, if Major and higher is selected, any inspected traffic that triggers a signature of Major or Critical severity will be dropped.
- (Optional) Upload a custom Suricata ruleset. Note: refer to https://sidallocation.org/ for recommended signature ID ranges. "Local" signature rules should use sids in the range 1000000-1999999 to avoid conflicts with well-known feeds.
- Assign the IPS Profile to specific VPCs, or set a custom IPS Profile as the default.
- Turn on Intrusion analysis and TLS decryption (for DPI) in the DCF policy.
- You can validate enforcement via CoPilot > Security > Distributed Cloud Firewall > Monitor > Intrusion Logs.
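A pre-upload check for a custom ruleset, added here as an example and not part of Aviatrix or this page: it parses the sid of each rule in a feed, flags any sid outside the recommended local range and any sid that is reused, and runs against a constructed sample feed.

```python
import re

# Range recommended above for "local" signatures (sidallocation.org guidance).
LOCAL_SID_MIN, LOCAL_SID_MAX = 1_000_000, 1_999_999

# Constructed sample feed: two well-formed local rules, one sid outside the
# local range, one duplicate sid, plus a comment and a blank line to skip.
SAMPLE_RULES = """\
# constructed example feed, not a real ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH scan"; flags:S; sid:1000001; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"LOCAL RDP probe"; flags:S; sid:1000002; rev:1;)

alert http any any -> any any (msg:"LOCAL suspicious UA"; content:"evil-ua"; http_user_agent; sid:2024001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL dup sid"; flags:S; sid:1000001; rev:2;)
"""

# action, header (protocol/addresses/ports), then the parenthesised option list
RULE_RE = re.compile(r"^(?P<action>alert|drop|pass|reject)\s+\S+\s+.*\(\s*(?P<options>.*)\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def lint_ruleset(text):
    """Return (line_no, problem) findings for a Suricata rule feed.

    Checks that every active rule carries a sid, that the sid lies in the
    local range recommended above, and that no sid is reused in the feed.
    """
    findings = []
    seen = {}  # sid -> first line it appeared on
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # comments and blank lines are not rules
        m = RULE_RE.match(stripped)
        if not m:
            findings.append((n, "unparseable rule"))
            continue
        sid_m = SID_RE.search(m.group("options"))
        if not sid_m:
            findings.append((n, "missing sid"))
            continue
        sid = int(sid_m.group(1))
        if not LOCAL_SID_MIN <= sid <= LOCAL_SID_MAX:
            findings.append((n, f"sid {sid} outside local range"))
        if sid in seen:
            findings.append((n, f"sid {sid} duplicates line {seen[sid]}"))
        else:
            seen[sid] = n
    return findings


if __name__ == "__main__":
    for line_no, problem in lint_ruleset(SAMPLE_RULES):
        print(f"line {line_no}: {problem}")
```

Running it on the sample feed reports the out-of-range sid on line 5 and the duplicate sid on line 6; a clean feed returns an empty list.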