[Contents] [Prev] [Next] [Index] [Report an Error]

CLI Configuration

To define rules for an exempt rulebase:

  1. Specify the IPS rulebase for which you want to define and exempt rulebase. The following statement specifies policy P1 as the IPS rulebase:
    user@host# set security idp idp-policy P1
  2. Associate the exempt rulebase with the policy and add a rule to the rulebase. The following statement associates the exempt rulebase with policy P1 and adds rule R1 to the rulebase:
    user@host# set security idp idp-policy P1 rulebase-exempt rule R1
  3. Specify the attacks that you want to exempt from attack detection. The following configuration statement specifies that any traffic in your company's internal network is exempt from the FTP:USER:ROOT attack:
    user@host# set security idp idp-policy P1 rulebase-exempt R1 match from-zone trust to-zone any source-address internal-devices destination-address any attacks predefined-attacks “FTP:USER:ROOT”
  4. Activate the policy. The following statement specifies policy P1 as the active policy on the device:
    user@host# set security idp active-policy P1
  5. If you are finished configuring the router, commit the configuration.
  6. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.