Adding an IPS Rulebase

Policy Name

Specifies the name of the IDP policy.

Displays the name of the IDP policy.

Rule Name

Specifies the name of the IPS rulebase rule.

Type a rule name.

Rule Description

Specifies the description for the rule.

Type the description for the rule.

Action

Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules.

Select a rule action from the list.

Application

Lists one or multiple configured applications.

Select the applications to be matched.

Attack Type

Specifies the attack type that you do not want the device to match in the monitored network traffic.

The attack types available are :

• Predefined Attacks : Specifies predefined attack objects that you can use to match the traffic against known attacks.
• Predefined Attack Groups: Specifies predefined attack groups that you can use to match the traffic against known attack objects.
• Custom Attacks: Specifies the list of custom attack names configured by you
• Custom Attack Groups: Specifies the custom attack group names configured by you.
• Dynamic Attack Groups: Specifies the dynamic attack group names configured by you. Dynamic attack groups select its members based on the filters specified in the group.

Select the attack object or attack group from the list and do one of the following:

• To match a custom attack to the rule, click the left arrow.
• To match an attack object or attack list to the rule, click right arrow.

Category

Specifies the category used for scrutinizing rules to sets.

Select a category from the list.

Severity

Specifies the rule severity levels in logging to support better organization and presentation of log records on the log server.

Select a severity level from the list.

Direction

Specifies the direction of network traffic you want the device to monitor for attacks.

Select a direction level from the list.

Matched

Specifies the type of network traffic you want the device to monitor for attacks.

Select the traffic types and click the right arrow to move them to the matched list.

IP Action

Specifies the action IDP takes against future connections that use the same IP address.

Select an IP action from the list.

IP Target

Specifies the destination IP address.

Select an IP target from the list.

Timeout

Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value.

Type the timeout value, in seconds. Maximum acceptable value is 65,535 seconds.

Log IP Action

Specifies if the log attacks are enabled to create a log record that appears in the log viewer.

Select the check box.

Enable Attack Logging

Specifies if the configuring attack logging alert is enabled.

Select the check box.

Set Alert Flag

Specifies if an alert flag is set.

Select the check box.

Terminal

Specifies if the terminal rule flag is set or unset.

Select the check box.

From Zone

Specifies the match criteria for the source zone for each rule.

Select the match criteria from the list.

To Zone

Specifies the match criteria for the destination zone for each rule.

Select the match criteria from the list.

Source Address

Specifies the zone exceptions for the from-zone and source address for each rule.

Select the from-zone and source addresses/address sets from the list and do one of the following:

• Click the Match button to match the from-zone and source address/address sets to the rule and click the right arrow.
• Click the Except button to enable the exception criteria.

Destination Address

Specifies the zone exceptions for the to-zone and destination address for each rule.

Select the to-zone and destination addresses/address sets from the list and do one of the following:

• Click the Match button to match the from-zone and source address/address sets to the rule and click the right arrow.
• Click the Except button to enable the exception criteria.