• Downloads
• IDP Rulebase Example: Specifying the Default Service    

• Related Topics
• IDP Rulebase Example: Using Application Identification
• Understanding IDP Rulebase Rule Match Settings
• Understanding the IDP Rulebase

IDP Rulebase Example: Specifying the Default Service

This example demonstrates the usefulness of specifying the value Default for the service match parameter in IDP rulebase rules.

When you specify a service, you have the option to specify:

• A service object
• Any
• Default

If you specify the value Default, the rule gets the service parameter from the attack object. For example, if the attack object service binding specifies FTP, and you specify the value Default for service, the match value is FTP.

Figure 1 is an example of a rule where the default service resolves to FTP.

Tip: With application Identification enabled, the IDP process engine identifies services even if they are running on nonstandard ports. If you disable application identification and specify Default, the IDP process engine assumes that standard ports are used for the service.

Note: If you do not enable application identification and your service uses nonstandard ports, you must create a custom service object. For procedures, see the NSM documentation.