Each rule is composed of match conditions, objects, actions,
and notifications. When you define an IDP rule, you must specify the
type of network traffic you want IDP to monitor for attacks by using
the following characteristics—source zone, destination zone,
source IP address, destination IP address, and the Application Layer
protocol supported by the destination IP address. The rules are defined
in rulebases, and rulebases are associated with policies.
The configuration instructions in this topic describe how to
create a policy called base-policy, specify a rulebase for
this policy, and then add a rule R1 to this rulebase. In
this example, rule R1:
Specifies the match condition to include any traffic from
a previously configured zone called trust to
another previously configured zone called untrust. The match condition also
includes a predefined attack group Critical - TELNET. The application setting
in the match condition is default and matches any application configured
in the attack object.
Specifies an action to drop connection for any traffic
that matches the criteria for rule R1.
Enables attack logging and specifies that an alert flag
is added to the attack log.
Specifies a severity level as critical.
After defining the rule, you specify base-policy as
the active policy on the device.
You can use either J-Web or the CLI configuration editor to
configure an application set.