To configure IDS match conditions, include the from statement at the [edit services ids rule rule-name term term-name] hierarchy level:
-
from {
-
applications [ application-names ];
-
application-sets [ set-names ];
-
destination-address (address | any-unicast) <except>;
-
destination-address-range low minimum-value high maximum-value <except>;
-
destination-prefix-list list-name <except>;
-
source-address (address | any-unicast) <except>;
-
source-address-range low minimum-value high maximum-value <except>;
-
source-prefix-list list-name <except>;
- }
If you omit the from statement, the software accepts all events and places them in the IDS cache for processing.
The source address and destination address can be either IPv4 or IPv6. You can use the destination address, a range of destination addresses, a source address, or a range of source addresses as a match condition, in the same way that you would configure a firewall filter; for more information, see the JUNOS Policy Framework Configuration Guide.
Alternatively, you can specify a list of source or destination prefixes by configuring the prefix-list statement at the [edit policy-options] hierarchy level and then including either the destination-prefix-list or source-prefix-list statement in the IDS rule. For an example, see Examples: Configuring Stateful Firewall Properties.
You can also include application protocol definitions that you have configured at the [edit applications] hierarchy level; for more information, see Applications Configuration Guidelines.
 |
Note: If you include one of the statements that specifies application protocols, the router derives port and protocol information from the corresponding configuration at the [edit applications] hierarchy level; you cannot specify these properties as match conditions. |
If a match occurs on an application, the application protocol is displayed separately in the show services ids command output. For more information, see the JUNOS System Basics and Services Command Reference.