Set up Alerts only on LAN
Hello,
I am setting up e-mail alerts on my LAN interface only for IPS/IDS. The purpose is to catch attacks on the LAN while avoiding alerts from the WAN zone that flood my inbox.
In the security services there is a category 'attacks' separate from IDS, IPS, Gateway AV and Gateway Anti-Malware. This is where a lot of alerts are triggered from the constant port scans, etc. against the WAN. I want to disable port scan alerts on the WAN but not on the LAN.
My questions are:
In the zones, I have Gateway AV, Anti Spyware and IPS enabled. Which of these is the 'attacks' category that alerts me about port scans, Xmas Tree Acttacks, etc.? Do attacks fall under the IPS category?
If I disable IPS on the WAN to avoid receiving alerts, will this affect security? Will IPS cease to repel these attacks on the WAN interface?
is there a better way to get alerts from the LAN while avoiding alerts from the WAN?