Add an IDP Policy
You are here: Configure > Security Services > IPS > Policy.
To add an IDP policy:
- Click the add icon (+) on the upper right side
of the Policy page.
The Add IDP Policy page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add IDP Policy Page
Enter the name of the IPS policy.
Specifies the IPS rule created. The options available are:
Select an option.
Displays the name of the IDP policy.
Enter a rule name.
Enter the description for the rule.
Select a rule action from the list to specify the list of all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules.
Specifies the list of one or multiple configured applications.
Select the applications to be matched.
Specifies the attack type that you do not want the device to match in the monitored network traffic. The options available are:
Select an option from the list and click the right arrow to match an attack object or attack group to the rule.
Select a category from the list to specify the category used for scrutinizing rules of sets.
Select a severity level from the list to specify the rule severity levels in logging to support better organization and presentation of log records on the log server.
Select a direction level from the list to specify the direction of network traffic you want the device to monitor for attacks.
Enables you to search a specific data from the list.
Note: This tab is not available for Rulebase exempt.
Specifies the action that IDP takes against future connections that use the same IP address.
Select an IP action from the list.
Select an IP target from the list.
Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value.
Enter the timeout value, in seconds. The maximum value is 65,535 seconds.
Log IP Action
Select the check box to specify whether or not the log attacks are enabled to create a log record that appears in the log viewer.
Enable Attack Logging
Select the check box to specify whether or not the configuring attack logging alert is enabled.
Set Alert Flag
Select the check box to specify whether or not an alert flag is set.
Select an option from the list to specify the rule severity level.
Select the check box to specify whether or not the terminal rule flag is set.
Select the match criteria for the source zone for each rule.
Select the match criteria for the destination zone for each rule.
Select the zone exceptions for the from-zone and source address for each rule. The options available are:
Select the zone exceptions for the to-zone and destination address for each rule. The options available are: