

Configure IDS Match Conditions

To configure IDS match conditions, include the from statement at the [edit services ids rule rule-name term term-name] hierarchy level:

[edit services ids rule rule-name term term-name]
from {
    applications [ application-names ];
    application-sets [ set-names ];
    destination-address address;
    source-address address;
}

If you omit the from statement, the software accepts all events and places them in the IDS cache for processing.

You can use either the source address or the destination address as a match condition, in the same way that you would configure a firewall filter; for more information, see the JUNOS Policy Framework Configuration Guide.

You can also include application protocol definitions you have configured at the [edit applications] hierarchy level; for more information, see Configure Applications.

If a match occurs on an application, the application protocol is displayed separately in the show command output. For more information, see the JUNOS Network and Services Interfaces Command Reference.
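A from statement that restricts a term to two applications and one address pair, shown as an added example that is not part of the original guide. The names example-ftp, example-telnet, example-rule, and example-term are hypothetical, and the addresses are constructed from the documentation ranges.

```junos
/* Added example; every name and address here is a constructed placeholder. */

[edit applications]
/* Application protocol definitions that the IDS term refers to by name. */
application example-ftp {
    application-protocol ftp;
    protocol tcp;
    destination-port 21;
}
application example-telnet {
    protocol tcp;
    destination-port 23;
}

[edit services ids rule example-rule term example-term]
/* Only events matching these conditions are handled by this term.
   A term with no from statement accepts all events into the IDS cache. */
from {
    source-address 192.0.2.0/24;
    destination-address 198.51.100.10/32;
    applications [ example-ftp example-telnet ];
}
```

Because the term matches on applications, the application protocol appears separately in the show command output for events that match it.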

