Inserting a Rule in the Rulebase

The IDP rule-matching algorithm starts at the top of the rulebase and checks traffic against all rules in the rulebase whose match conditions the traffic meets. You determine the sequence in which rules are applied to network traffic by placing them in the desired order. When you add a rule to the rulebase, it is placed at the end of the existing list of rules. To place a rule anywhere other than the end of the rulebase, insert the rule at the desired location.

Before You Begin

  1. For background information, read:
  2. Establish basic connectivity. For more information, see the Getting Started Guide for your device.
  3. Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
  4. Define rules in a rulebase. See Defining Rules for an IPS Rulebase.

The configuration instructions in this topic describe how to insert rule R2 before rule R1.

You can use either J-Web or the CLI configuration editor to insert a rule.

CLI Configuration

To insert a rule in the rulebase:

  1. Define the position of the rule in the rulebase based on the order in which you want the rule to be evaluated. The following configuration statement places rule R2 before rule R1 in the IPS rulebase in a policy called base-policy:
    user@host# insert security idp idp-policy base-policy rulebase-ips rule R2 before rule R1
  2. If you are finished configuring the router, commit the configuration.
  3. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.
