No
|
Specifies if you want to add, delete, copy, or reorder
rules.
|
Right-click the table cell for the rule number and make
your required modifications.
|
Match > Source
|
Specifies the address object that is the source of the
traffic.
|
Select any to monitor network traffic
originating from any IP address.
Note:
You can also negate one or more address objects to specify
all sources except the excluded object.
|
Match > Destination
|
Specifies the address object that is the destination
of the traffic, typically a server or other device on your network.
|
Select the destination object.
Note:
You can also negate one or more address objects to specify
all destinations except the excluded object.
|
Match > Service
|
Specifies the service objects for the rule, that is, the
services an attack uses to access your network.
|
Set a service by selecting any of the available options.
Note:
We recommend that you do not change the default value, TCP-ANY.
|
Mode
|
Specifies the mode that indicates how IDP handles TCP
traffic.
|
Select any of the following options:
- None—Specifies that IDP takes
no action and does not participate in the three-way handshake.
- Relay—Specifies that IDP acts
as the middleman, or relay, for connection establishment, performing
the three-way handshake with the client host on behalf of the server.
Note:
Relay mode might not work as expected for MPLS traffic.
When the IDP engine processes MPLS traffic, it stores the MPLS label
information for traffic in each direction. In the case of traffic
that matches SYN Protector rules in relay mode, the IDP appliance
is programmed to send a SYN-ACK before the traffic has reached the
server. In these cases, the IDP engine does not have server-to-client
MPLS label information. Therefore, the SYN-ACK packet does not include
an MPLS label. Some MPLS routers can add packets without a label to
an existing MPLS tunnel; others drop such packets.
- Passive—Specifies that IDP
handles the transfer of packets between the client host and the server,
but does not actively prevent the connection from being established.
|
Notification
|
Allows you to create log records with attack information
that you can view in real time in the Log Viewer.
Note:
For more critical attacks, you can also set an alert flag
to appear in the log record.
|
Select Configure to create log records.
Note:
The Configure menu option does not appear if the Mode
column is set to None.
- Select Logging to have a log record
created each time the rule is matched.
- Select Alert to have an alert flag
placed in the Alert column of the Log Viewer for the matching log
record.
- In the Log Actions tab, select desired log actions, if
any.
|
VLAN Tag
|
Specifies that you can configure a rule to only apply
to messages in certain VLANs.
|
Set a value by selecting any of the following options:
- Any—This rule is applied to
messages in any VLAN and to messages without a VLAN tag.
- None—This rule is applied only
to messages that do not have a VLAN tag.
- Select VLAN Tags—This rule
is applied only to messages that carry the VLAN tags you select.
|
Severity
|
Specifies if you can override the inherent attack severity
on a per-rule basis within the IDP rulebase.
|
Set the severity to Default, Info, Warning, Minor, Major, or Critical.
Note:
This column only appears when you view the Security Policy
in Expanded Mode.
|
Install On
|
Specifies the security devices or templates that receive
and use this rule.
|
Select the target security device.
Note:
You can also select multiple security devices on which
to install the rule.
|
Comments
|
Specifies any miscellaneous comment about the rule's
purpose.
|
Enter any additional comments about the rule.
|
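The Match > Source, Match > Destination, and VLAN Tag semantics described in the table above can be checked offline with a small model. This is an added example, not Juniper code or part of the original page: the class and function names, the sample addresses, and the sample rulebase are all constructed for illustration, and Service is assumed to stay at the default TCP-ANY.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AddrMatch:
    """A Source or Destination cell: address objects, optionally negated."""
    networks: tuple = ()      # CIDR strings; empty tuple stands for "any"
    negate: bool = False      # True = everything except the listed objects

    def matches(self, ip):
        if not self.networks:
            return True       # "any" matches every address
        addr = ipaddress.ip_address(ip)
        hit = any(addr in ipaddress.ip_network(n) for n in self.networks)
        return hit != self.negate

@dataclass
class Rule:
    number: int
    source: AddrMatch
    destination: AddrMatch
    vlan: object = "any"      # "any", "none", or a set of VLAN IDs
    mode: str = "none"        # "none", "relay" or "passive"

    def vlan_matches(self, tag):
        if self.vlan == "any":
            return True               # tagged and untagged messages
        if self.vlan == "none":
            return tag is None        # untagged messages only
        return tag in self.vlan       # only the selected VLAN tags

    def matches(self, src, dst, vlan_tag=None):
        return (self.source.matches(src) and self.destination.matches(dst)
                and self.vlan_matches(vlan_tag))

def matching_rules(rules, src, dst, vlan_tag=None):
    """Return (rule number, mode) for every rule whose Match cells cover the packet."""
    return [(r.number, r.mode) for r in rules if r.matches(src, dst, vlan_tag)]

# Constructed sample rulebase (hypothetical values, not from the page).
RULES = [
    Rule(1, AddrMatch(("10.0.0.0/8",), negate=True), AddrMatch(("192.0.2.10/32",)),
         vlan="none", mode="relay"),
    Rule(2, AddrMatch(), AddrMatch(("192.0.2.0/24",)), vlan={100, 200}, mode="passive"),
    Rule(3, AddrMatch(), AddrMatch(), vlan="any", mode="none"),
]

if __name__ == "__main__":
    print(matching_rules(RULES, "203.0.113.5", "192.0.2.10"))
```

The function lists every rule that covers a packet rather than picking one, because the table does not state how the device resolves overlapping rules.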