Solutions Fast Track


Alerts Commands

  • Do not change the default program for a pop-up alert.

  • Be very cautious when changing the time parameters, specifically Excessive Log Grace Period. Your company may have a log retention policy that mandates verbose logging.

  • Remember that if you're using multiple log hosts, you'll run the risk of getting multiple alerts.

User-Defined Tracking

  • Make every attempt to put the power of user-defined alerts to work for you.

  • Be sure that you test any user-defined script against all the rules in the rulebase set to run it as an action. NAT, ICMP (and NAT'ed ICMP), and VPN traffic will have different formats sent as input to the script.

Suspicious Activities Monitoring Protocol

  • Use SAM to enhance the power of your user-defined alert scripts.

  • Be sure that you double-check the connection information before performing a block, and consider using the time restrictions.

  • Remember that the GUI method to unblock a connection cannot specify which connection to unblock; it's all or nothing!




Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
