Technical Documentation

Downloads
Understanding Traffic Anomalies Rulebase IP Actions

Understanding Traffic Anomalies Rulebase IP Actions

If traffic matches a traffic anomalies rule, the IDP appliance can take action against the current connection and against subsequent network traffic from the same IP address. Such actions are called IP actions. By default, the specified IP action is permanent (timeout = 0). If you prefer, you can set a timeout.

Table 1 describes Traffic Anomalies rulebase IP actions.

Table 1: Traffic Anomalies Rulebase IP Actions

IP Action	Description
IP Block	IDP blocks the matching connection and future connections that match combinations of the following properties you specify: Source IP address Source subnet Protocol Destination IP address Destination subnet Destination port From zone
IP Close	IDP closes the matching connection and future connections that match combinations of the following properties you specify: Source IP address Source subnet Protocol Destination IP address Destination subnet Destination port From zone
IP Notify	IDP does not take any action against future traffic but logs the event or sends an alert.

IP Action

Description

IP Block

IDP blocks the matching connection and future connections that match combinations of the following properties you specify:

Source IP address
Source subnet
Protocol
Destination IP address
Destination subnet
Destination port
From zone

IP Close

IDP closes the matching connection and future connections that match combinations of the following properties you specify:

Source IP address
Source subnet
Protocol
Destination IP address
Destination subnet
Destination port
From zone

IP Notify

IDP does not take any action against future traffic but logs the event or sends an alert.

Note: Traffic Anomalies rulebase IP actions are the same IP actions available for IDP rulebase rules.

Technical Documentation

Understanding Traffic Anomalies Rulebase IP Actions

Published: 2010-01-12