
CCSA R80 Exam - Question 131


You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host.

You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

Correct Answer: B

To block everything from a whole network temporarily without adding any rules to the Rule Base, you can use the 'Block intruder' feature from the Tools menu in SmartView Tracker. This allows you to block traffic from the problematic network for a specified duration, such as one hour, while you investigate further. This method does not involve altering the Rule Base.

Discussion

3 comments
RCL_NAME
Dec 19, 2023

Monitoring Suspicious Activity Rules

Suspicious Activity Monitoring (SAM) is a utility integrated in SmartView Monitor. It blocks activities that you see in the SmartView Monitor results and that appear to be suspicious. For example, you can block a user who tries several times to gain unauthorized access to a network or Internet resource. A Security Gateway with SAM enabled has Firewall rules to block suspicious connections that are not restricted by the security policy. These rules are applied immediately (Install Policy not required).

theManFromRoom5
Jun 22, 2023

Wouldn't it be 'B' as you don't want to add any rules to the rulebase? Or is a SAM rule not technically considered a rule?

CCSAChallenger
Nov 24, 2024

You do NOT want to create a rule, yet you do it... dumb question... I guess "rulebase's rules" is assumed...