Event Trigger Policies
Navigate to Identities :: Groups
Create a Quarantine IP Group
We will temporarily place users who violate our DPI and Connection Event Triggers into a Transient IP Group. We will assign the Quarantine Group to the Triggers, and while in this group, users will not have internet access and will be directed to the Splash Portal associated with the Customer Onboarding Policy.
Click Create New in the Link Controls scaffold.
Field | Value |
---|---|
Name | Quarantine |
Priority | 7 |
Policy | Customer Onboarding |
Navigate to Policies :: Event Triggers
Create a new Connections Trigger
Click Create New in the Connections Triggers scaffold.
Field | Value |
---|---|
Name | 1000 Connections |
Policies | Basic, Free |
Max Connections | 1000 |
Duration | 15 minutes |
IP Group | Quarantine |
Flush Connection States | checked |
Create a new Quota Trigger
Click Create New in the Connections Triggers scaffold.
Field | Value |
---|---|
Name | Premium Abuser slowdown |
Policies | Premium |
Download | 50 GB |
Upload | 25 GB |
Window | 7 days |
Duration | 1 days |
Account Group | Basic |
Create a new Remote DPI Signature
Click Create New in the Remote DPI Signature scaffold. Accept the defaults, which will pull from emergingthreats.net.
Edit the Emerging Threats Remote DPI Signature
Click Edit on the Emerging Threats Remote DPI Signature record. Review the list of categories and select several categories by Command-clicking or Control-clicking items in the box.
Create a new DPI Trigger
Click Create New in the DPI Triggers scaffold.
Field | Value |
---|---|
Name | Quarantine Bad Behavior |
Policies | Basic, Free, Premium |
Remote Signatures | Emerging Threats |
IP Group | Quarantine |
Duration | 30 Minutes |
Flush connection states | Checked |
Review Policy Dashboard
Click Policies in the top menu. The Policy Dashboard now illustrates our policy enforcement configuration.
Navigate to Identities :: Groups
Update Basic Account Group Priority
When users trigger the Premium Quota Trigger, they are temporarily placed into the Basic Account Group (a transient group membership). Currently, the group's priority is the same as that of the Premium Account Group (all account groups are set to 4 by default). We need to increase the priority of the Basic Account Group so that it takes priority over the device's other group memberships.
Click Edit on the Basic Account Group.
Increase the priority to 5.
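The priority change above can be traced with a small model of transient group memberships. This is an added example, not rXg code: it follows one Premium subscriber through the Quota Trigger and the DPI Trigger configured on this page. Assumptions: the highest-priority active group decides the policy, the Basic and Premium Account Groups are linked to the Basic and Premium policies, and the trigger times are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

HOUR = 3600  # seconds

@dataclass(frozen=True)
class Group:
    name: str
    priority: int
    policy: str  # assumed group-to-policy link

@dataclass(frozen=True)
class Membership:
    group: Group
    start: float = 0.0
    end: Optional[float] = None  # None = permanent membership

def candidates(memberships: List[Membership], now: float) -> List[str]:
    """Policies of the active groups tied at the highest priority.
    One entry means a deterministic outcome; more than one is a tie."""
    active = [m.group for m in memberships
              if m.start <= now and (m.end is None or now < m.end)]
    if not active:
        return []
    top = max(g.priority for g in active)
    return sorted({g.policy for g in active if g.priority == top})

def timeline(basic_priority: int) -> dict:
    """Effective policy candidates at constructed checkpoints."""
    premium = Group("Premium", 4, "Premium")  # default account group priority
    basic = Group("Basic", basic_priority, "Basic")
    quarantine = Group("Quarantine", 7, "Customer Onboarding")
    memberships = [
        Membership(premium),                           # subscriber's own plan
        Membership(basic, 0, 24 * HOUR),               # Quota Trigger at t=0, Duration 1 day
        Membership(quarantine, 2 * HOUR, 2.5 * HOUR),  # DPI Trigger at t=2h, Duration 30 min
    ]
    checkpoints = {"1h": 1, "2h10m": 2 + 10 / 60, "3h": 3, "25h": 25}
    return {label: candidates(memberships, h * HOUR)
            for label, h in checkpoints.items()}

if __name__ == "__main__":
    for prio in (4, 5):  # before and after the priority update
        print(f"Basic priority {prio}:", timeline(prio))
```

With the Basic Account Group left at priority 4, the model reports a tie between Basic and Premium while the quota penalty is active; at priority 5 the Basic policy applies until the transient membership expires.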
Review Final Policy Dashboard
Log Hits Trigger
The Log Hits Trigger function automatically adds identified IP addresses to a WAN target for a predefined timeframe when events such as repeated failed SSH login attempts or excessive traffic directed at a web server occur. This function allows for targeted restrictions on specific types of traffic, including blocking SSH, HTTP, or HTTPS access. This functionality works on both the LAN and the WAN. The configuration outlined below is intended for events on the WAN side of the rXg.
Create Blacklisted WAN Target
Click on Identity :: Definitions. Create a WAN Target definition.
Add WAN Target to Admin ACL
Click on System :: Admins. Modify ACL by adding a defined WAN Target.
Create Log Hits Triggers
Proceed to Policies :: Event Triggers.
- Click create.
- Name the trigger for identification.
- Select the Policy that will be enforced.
- Define Enforcement Thresholds.
- Specify the Duration of transient membership.
- Assign a blacklisted WAN target.
- Select an email notification for the Log Hits Trigger Record.
Viewing Event Logs
Navigate to Archives :: Trigger Logs for detailed event logs.
Additionally, the Trigger Logs button under each listed Log Hits Trigger will display the log as well.
IP addresses are automatically removed from the WAN target once the configured duration expires.