

Configuring IDS Match Conditions

To configure IDS match conditions, include the from statement at the [edit services ids rule rule-name term term-name] hierarchy level:

from {
    applications [ application-names ];
    application-sets [ set-names ];
    destination-address (address | any-unicast) <except>;
    destination-address-range low minimum-value high maximum-value <except>;
    destination-prefix-list list-name <except>;
    source-address (address | any-unicast) <except>;
    source-address-range low minimum-value high maximum-value <except>;
    source-prefix-list list-name <except>;
}

If you omit the from statement, the software accepts all events and places them in the IDS cache for processing.

You can use the destination address, a range of destination addresses, a source address, or a range of source addresses as a match condition, in the same way that you would configure a firewall filter; for more information, see the JUNOS Policy Framework Configuration Guide.

Alternatively, you can specify a list of source or destination prefixes by configuring the prefix-list statement at the [edit policy-options] hierarchy level and then including either the destination-prefix-list or source-prefix-list statement in the IDS rule. For an example, see Examples: Configuring Stateful Firewall Properties.

You can also include application protocol definitions that you have configured at the [edit applications] hierarchy level; for more information, see Applications Configuration Guidelines.

If a match occurs on an application, the application protocol is displayed separately in the show services ids command output. For more information, see the JUNOS System Basics and Services Command Reference.
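The following added example (not part of this guide) ties the pieces above together: a prefix list under [edit policy-options], application definitions under [edit applications], and an IDS rule whose terms match on the prefix list, the applications, and a source address range. The names ids-monitored-servers, web-http, web-https, ids-web-rule and the RFC 5737 documentation addresses are illustrative.

```junos
policy-options {
    # Prefix list referenced by destination-prefix-list in the IDS rule
    prefix-list ids-monitored-servers {
        192.0.2.0/24;
    }
}
applications {
    # Application definitions referenced by the applications statement
    application web-http {
        protocol tcp;
        destination-port 80;
    }
    application web-https {
        protocol tcp;
        destination-port 443;
    }
}
services {
    ids {
        rule ids-web-rule {
            match-direction input;
            # Term 1: traffic to the monitored servers on the web applications
            term web-servers {
                from {
                    destination-prefix-list ids-monitored-servers;
                    applications [ web-http web-https ];
                }
                # then actions for the term are configured separately
            }
            # Term 2: any unicast destination from a range of source addresses,
            # excluding one management host within that range
            term guest-range {
                from {
                    source-address-range low 198.51.100.10 high 198.51.100.20;
                    source-address 198.51.100.15 except;
                    destination-address any-unicast;
                }
                # then actions for the term are configured separately
            }
        }
    }
}
```

With this configuration, events matching web-servers show the application protocol separately in the show services ids output, while events from the guest range (other than 198.51.100.15) are placed in the IDS cache regardless of application.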

