No
|
Specifies whether you want to add, delete, copy, or reorder
rules.
|
Right-click the table cell for the rule number and make
your required modifications.
|
Source Address
|
Specifies the address object that is the source of the
traffic.
|
Select any source address or group.
|
Impersonate > Destination
|
Specifies the address object that is the destination
of the traffic, typically a server or other device on your network.
|
Select the destination object.
Note:
You can also negate one or more address objects to specify
all destinations except the excluded object.
|
Impersonate > Service
|
Specifies the services running on your network.
|
Select the services you want to monitor.
|
Operation
|
Specifies whether or not IDP fakes open ports.
|
Select any of the following options:
- Ignore—Allows traffic free passage on your network; use this
option when creating rules for trusted traffic.
- Impersonate—IDP presents a fake open port to the public,
based on the destination IP addresses and service you selected.
|
IP Action
|
Allows you to log, drop, or close the current connection
for each attack that matches a rule.
|
Select Configure to do any one of
the following actions:
- Enabled—Enable IP actions.
- Action—Specifies the action
you want the IDP to take.
- Block—Specifies which parameters, selected from the drop-down
list, IDP uses to close or block further connections.
- Logging—Specifies the log action
for a matching event.
- Timeout (sec)—Specifies the
number of seconds that this action remains in effect on IDP after
a traffic match.
|
Notification
|
Allows you to create log records with attack information
that you can view in real time in the Log Viewer.
Note:
For more critical attacks, you can also set an alert flag
to appear in the log record.
|
Select Configure to create log records.
Note:
The Configure menu option does not appear if the Mode
column is set to None.
- Select Logging to have a log record
created each time the rule is matched.
- Select Alert to have an alert flag
placed in the Alert column of the Log Viewer for the matching log
record.
- In the Log Actions tab, select the desired log actions, if
any.
|
VLAN Tag
|
Allows you to configure a rule to apply only
to messages in certain VLANs.
|
Set a value by selecting any of the following options:
- Any—This rule is applied to
messages in any VLAN and to messages without a VLAN tag.
- None—This rule is applied only
to messages that do not have a VLAN tag.
- Select VLAN Tags—This rule is applied only
to messages with the VLAN tags you specify.
|
Severity
|
Specifies whether you can override the inherent attack severity
on a per-rule basis within the IDP rulebase.
|
Set the severity to Default, Info, Warning, Minor, Major, or Critical.
Note:
This column only appears when you view the Security Policy
in Expanded Mode.
|
Install On
|
Specifies the security devices or templates that receive
and use this rule.
|
Select the target security device.
Note:
You can also select multiple security devices on which
to install the rule.
|
Comments
|
Specifies any miscellaneous comment about the rule's
purpose.
|
Enter any additional comments about the rule.
|
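
The following sketch is an added example, not NSM or IDP code: it models how the Destination negation, Service, Operation, and VLAN Tag settings described in the table combine to decide whether a connection attempt is answered with a fake open port. The class and function names, the CIDR representation of address objects, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

ANY_VLAN, NO_VLAN = "any", "none"    # the table's Any and None options

@dataclass
class HoneypotRule:                   # hypothetical model of one rule row
    source: str                       # address object, modelled as a CIDR
    destination: str                  # address object, modelled as a CIDR
    services: frozenset               # (protocol, port) pairs
    operation: str                    # "impersonate" or "ignore"
    negate_destination: bool = False  # "all destinations except" the object
    vlan: object = ANY_VLAN           # ANY_VLAN, NO_VLAN, or a set of tags

def vlan_matches(rule_vlan, tag):
    """tag is None for a message that carries no VLAN tag."""
    if rule_vlan == ANY_VLAN:
        return True                   # any VLAN, and untagged messages too
    if rule_vlan == NO_VLAN:
        return tag is None            # untagged messages only
    return tag in rule_vlan           # Select VLAN Tags: listed tags only

def rule_matches(rule, src, dst, service, tag=None):
    in_src = ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
    in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(rule.destination)
    if rule.negate_destination:
        in_dst = not in_dst           # negated object excludes itself
    return (in_src and in_dst and service in rule.services
            and vlan_matches(rule.vlan, tag))

def fakes_open_port(rule, src, dst, service, tag=None):
    """True only when the rule matches and its Operation is Impersonate."""
    return rule.operation == "impersonate" and rule_matches(
        rule, src, dst, service, tag)

# Constructed sample rule: impersonate telnet on one host, VLAN 100 only.
RULE = HoneypotRule("0.0.0.0/0", "192.0.2.10/32",
                    frozenset({("tcp", 23)}), "impersonate", vlan={100})
PROBE = ("198.51.100.7", "192.0.2.10", ("tcp", 23))   # constructed probe

if __name__ == "__main__":
    print("tagged 100:", fakes_open_port(RULE, *PROBE, tag=100))
    print("untagged:  ", fakes_open_port(RULE, *PROBE, tag=None))
    untagged_only = replace(RULE, vlan=NO_VLAN)
    print("None rule, untagged:", fakes_open_port(untagged_only, *PROBE))
```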