Understanding IDP Rule IP Actions

IP actions apply to future connections that share the same IP action attributes. For example, you can configure an IP action in a rule to block all future HTTP sessions between two hosts if an attack is detected on a session between those hosts. You can also specify a timeout value so that the action is applied only to new sessions initiated within that timeout period. The default timeout value for IP actions is 0, which means that IP actions never time out.

Before You Begin

For background information, read:

IP actions are similar to other actions; they direct IDP to drop or close the connection. However, because you now also have the attacker’s IP address, you can choose to block the attacker for a specified time. If attackers cannot immediately regain a connection to your network, they might try to attack easier targets. Use IP actions in conjunction with actions and logging to secure your network.

IP action attributes are a combination of the following fields:

Table 97 summarizes the types of IP actions supported by IDP rules:

Table 97: IDP Rule IP Actions

| Term | Definition |
|---|---|
| Notify | Does not take any action against future traffic, but logs the event. This is the default. |
| Drop/Block Session | All packets of any session matching the IP action rule are dropped silently. |
| Close Session | Any new sessions matching this IP action rule are closed by sending RST packets to the client and server. |

When traffic matches multiple rules, the most severe IP action of all matched rules is applied. The most severe IP action is the Drop/Block Session action, the next in severity is the Close Session action, and then the Notify action.
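
The precedence and timeout behavior described above, modeled in Python as an added example (not Juniper code). The class and function names, the lookup key (modeled on the HTTP-sessions-between-two-hosts example above), and taking the timeout from the rule that supplies the winning action are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Severity order stated on the page: Drop/Block Session > Close Session > Notify.
SEVERITY = {"notify": 0, "close": 1, "drop": 2}

@dataclass
class Entry:
    action: str
    expires: Optional[float]  # None means the entry never times out (timeout 0)

class IPActionTable:
    """Toy model of IP action state; not how the IDP engine stores it."""

    def __init__(self):
        self.entries = {}  # attribute tuple -> Entry

    def record_attack(self, attrs, matched_rules, now):
        """Store the IP action for an attack that matched one or more rules.

        matched_rules is a list of (ip_action, timeout_seconds) pairs.
        """
        # The most severe IP action of all matched rules wins.
        action, timeout = max(matched_rules, key=lambda r: SEVERITY[r[0]])
        # Assumption: the timeout comes from the rule that supplied that action.
        expires = None if timeout == 0 else now + timeout
        # Simplification: a newer detection overwrites any existing entry.
        self.entries[attrs] = Entry(action, expires)
        return action

    def check_session(self, attrs, now):
        """Return the IP action for a new session, or None if none applies."""
        entry = self.entries.get(attrs)
        if entry is None:
            return None
        if entry.expires is not None and now >= entry.expires:
            del self.entries[attrs]  # timed out: later sessions are unaffected
            return None
        return entry.action

if __name__ == "__main__":
    # Constructed sample: HTTP sessions between two hosts (documentation addresses).
    key = ("198.51.100.7", "203.0.113.10", "http")
    table = IPActionTable()
    table.record_attack(key, [("notify", 0), ("close", 60), ("drop", 300)], now=0)
    for t in (10, 299, 300):
        print(t, table.check_session(key, now=t))
```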

