In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
Select the Objects tab, then select Security profiles → IDPS.
In the upper part of the workspace, click the Create button.
This opens the IDPS profile creation window.
In the Name field, enter a name for the new profile.
The name of the profile must be unique among all IDPS profiles.
The maximum length is 128 characters.
If necessary, in the Description field, enter an arbitrary description of the profile.
The maximum length is 256 characters.
Select the action to be applied to traffic if a threat is detected:
Allow: allow traffic when threat signatures are detected.
Block: block traffic when signatures are detected (packets of the established session are dropped).
Reset both: block traffic when threat signatures are detected and, for TCP sessions, send TCP RST to both the client side and the server side.
When you select a custom IDPS profile with exclusions, multiple signatures with different actions may trigger for a packet at the same time. In such a situation, the Reset both action has the highest priority, followed by the Block action; the action with the highest priority is applied to traffic. The Allow action has the lowest priority.
If necessary, enable security event logging. If logging is enabled, when a threat signature is detected, an event is logged in the IDPS security event log in the SIEM system.
If you want to record traffic for further analysis, in the Packet Capture section, enable the corresponding toggle switch. Traffic is recorded when a signature is triggered. The recorded traffic is sent to the SIEM system as part of the security event.