Each rule is composed of match conditions, objects, actions,
and notifications. When you define an IDP rule, you must specify the
type of network traffic you want IDP to monitor for attacks by using
the following characteristics—source zone, destination zone,
source IP address, destination IP address, and the Application Layer
protocol supported by the destination IP address. The rules are defined
in rulebases, and rulebases are associated with policies.
The configuration instructions in this topic describe how to
create a policy called base-policy, specify a rulebase for
this policy, and then add a rule R1 to this rulebase. In
this example, rule R1:
Specifies the match condition to include any traffic from a previously configured zone called trust to another previously configured zone called untrust. The match condition also includes the predefined attack "Critical - TELNET". The application setting in the match condition is default, which matches any application configured in the attack object.
Specifies an action to drop the connection for any traffic that matches the criteria for rule R1.
Enables attack logging and specifies that an alert flag is added to the attack log.
Specifies a severity level of critical.
After defining the rule, you specify base-policy as
the active policy on the device.
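The procedure above expressed as Junos CLI set commands, added here as a worked example rather than taken from the original page. The source-address any / destination-address any lines and the security idp active-policy hierarchy (used on releases where the IDP policy is activated device-wide rather than referenced from a security policy) are assumptions about the platform.

```junos
# Added example: IDP policy base-policy with an IPS rulebase containing rule R1.
# Match: any traffic from zone trust to zone untrust (source/destination any is assumed),
# default application (whatever the attack object defines), predefined attack "Critical - TELNET".
# Predefined attack names contain spaces, so they must be quoted.
set security idp idp-policy base-policy rulebase-ips rule R1 match from-zone trust
set security idp idp-policy base-policy rulebase-ips rule R1 match to-zone untrust
set security idp idp-policy base-policy rulebase-ips rule R1 match source-address any
set security idp idp-policy base-policy rulebase-ips rule R1 match destination-address any
set security idp idp-policy base-policy rulebase-ips rule R1 match application default
set security idp idp-policy base-policy rulebase-ips rule R1 match attacks predefined-attacks "Critical - TELNET"

# Action: drop the connection, log the attack with the alert flag set, severity critical.
set security idp idp-policy base-policy rulebase-ips rule R1 then action drop-connection
set security idp idp-policy base-policy rulebase-ips rule R1 then notification log-attacks alert
set security idp idp-policy base-policy rulebase-ips rule R1 then severity critical

# Make base-policy the active IDP policy on the device (assumed hierarchy, see lead-in).
set security idp active-policy base-policy
commit

# Verification after commit: confirm the policy compiled and is loaded, then review the
# resulting configuration. Alert-flagged hits will appear in the attack table once traffic matches.
run show security idp status
run show configuration security idp
run show security idp attack table
```

If the commit reports a policy compilation error, the usual cause is a predefined attack name that does not match the installed signature database exactly, including the spaces around the hyphen.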
You can use either the J-Web or the CLI configuration editor
to configure an application set.