TechLibrary

Navigation

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Example: Deactivating and Activating Rules in an IDP Rulebase

This example shows how to deactivate and activate a rule in a rulebase.

Requirements

Before you begin:

Configure network interfaces. See Junos OS Interfaces Configuration Guide for Security Devices .
Define rules in a rulebase. See Example: Defining Rules for an IDP IPS Rulebase.

Overview

In a rulebase, you can disable and enable rules by using the deactivate and activate commands. The deactivate command comments out the specified statement from the configuration. Rules that have been deactivated do not take effect when you issue the commit command. The activate command adds the specified statement back to the configuration. Rules that have been activated take effect when you next issue the commit command. This example shows how to deactivate and reactivate rule R2 in an IDP IPS rulebase that is associated with a policy called base-policy.

Configuration

Step-by-Step Procedure

To deactivate and activate a rule in a rulebase:

Specify the rule that you want to deactivate.
[edit]user@host# deactivate security idp idp-policy base-policy rulebase-ips rule R2
Activate the rule.
[edit]user@host# activate security idp idp-policy base-policy rulebase-ips rule R2
If you are done configuring the device, commit the configuration.
[edit]user@host# commit

Verification

To verify the configuration is working properly, enter the show security idp status command.