The IPS Signature Database describes the characteristics of attack packets that exploit system and application vulnerabilities. When such packets pass through the device, they can be intercepted according to user settings to protect the server, as shown in the figure below.
Edit Global Action: Used to modify the action of all IPS signature identification rules at once. If Default action (initial system state) is selected, the system's rule state is retained. If Block if attack detected is selected, the actions for all identification rules will be set to Enable, block after detection. Under the default status of the system, rules with the medium hazard level are passed; after strict detection is enabled, rules of any hazard level are intercepted.
Restore Default Action: Restores all modified rules to the default state.
The device provides a search function for the rules that protect against vulnerability attacks. You can search by setting the Vulnerability category and query category and entering keywords (such as the vulnerability name and ID).
Vuln ID: Shows the ID of the current vulnerability. When an IPS event is triggered, you can check the vulnerability ID in the report center. By querying that vulnerability ID here, you can pass this rule.
Vuln Name: This shows the name of the vulnerability.
Type: Shows the current vulnerability type, such as Backdoor.
Threat Level: Describes the severity of the current vulnerability. There are three levels: High, Medium, and Low. The higher the level, the higher the severity.
Status: Describes the action taken by the device when it detects an attack against the vulnerability. There are three statuses: Enabled. Block if attack detected; Enabled. Allow if attack detected; and Disable. This action can be customized. Click a vulnerability name to go to the Edit Signature page, as shown below.
Enabled. Block if attack detected: Indicates that the current rule is enabled. When an attack against the vulnerability is detected, the corresponding packet is blocked.
Enabled. Allow if attack detected: Indicates that the current rule is enabled. When an attack against the vulnerability is detected, the packet is logged but not blocked.
Disable: Indicates that the current rule is disabled. When the rule is disabled, the device does not detect attacks against the vulnerability.
The pass and block attributes of the rules in the vulnerability signature database are configured before delivery. To change the action of a rule, edit that rule.