Adding an IPS Rulebase
To add an IPS rulebase:
- Select Configure > Security > Policy > IDP Policies.
- To add an IPS rulebase for an existing IDP policy, select Rulebase:IPS and click Add.
- To add an IPS rulebase for a new policy:
  - Click Add on the policy task bar.
  - Type a new policy name and select the Activate check box.
  - Select Rulebase:IPS and click Add.
- Fill in the information as described in Table 38.
- Click one of the following buttons:
  - To apply the configuration and return to the main configuration page, click OK.
  - To cancel your entries and return to the main page, click Cancel.
Table 38: Add an IPS Rulebase Page Details
Field | Function | Action |
---|---|---|
Basic | ||
Policy Name | Specifies the name of the IDP policy. | Displays the name of the IDP policy. |
Rule Name | Specifies the name of the IPS rulebase rule. | Type a rule name. |
Rule Description | Specifies the description for the rule. | Type the description for the rule. |
Action | Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules. | Select a rule action from the list. |
Application | Lists one or multiple configured applications. | Select the applications to be matched. |
Attack Type | Specifies the attack type that you do not want the device to match in the monitored network traffic. The attack types available are: Note: You can filter Predefined Attacks by the Category, Severity, and Direction fields, and Predefined Attack Groups only by the Category field. | Select the attack object or attack group from the list and click the right arrow to match an attack object or attack group to the rule. |
Category | Specifies the category used for scrutinizing rules to sets. | Select a category from the list. |
Severity | Specifies the rule severity levels in logging to support better organization and presentation of log records on the log server. | Select a severity level from the list. |
Direction | Specifies the direction of network traffic you want the device to monitor for attacks. | Select a direction from the list. |
Matched | Specifies the type of network traffic you want the device to monitor for attacks. | Select the traffic types and click the right arrow to move them to the matched list. |
Advanced | ||
IP Action | Specifies the action IDP takes against future connections that use the same IP address. | Select an IP action from the list. |
IP Target | Specifies the destination IP address. | Select an IP target from the list. |
Timeout | Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value. | Type the timeout value, in seconds. Maximum acceptable value is 65,535 seconds. |
Log IP Action | Specifies whether logging of the IP action is enabled, creating a log record that appears in the log viewer. | Select the check box. |
Enable Attack Logging | Specifies whether attack logging is enabled. | Select the check box. |
Set Alert Flag | Specifies if an alert flag is set. | Select the check box. |
Terminal | Specifies if the terminal rule flag is set or unset. | Select the check box. |
Match | ||
From Zone | Specifies the match criteria for the source zone for each rule. | Select the match criteria from the list. |
To Zone | Specifies the match criteria for the destination zone for each rule. | Select the match criteria from the list. |
Source Address | Specifies the zone exceptions for the from-zone and source address for each rule. | Select the from-zone and source addresses/address sets from the list and do one of the following: |
Destination Address | Specifies the zone exceptions for the to-zone and destination address for each rule. | Select the to-zone and destination addresses/address sets from the list and do one of the following: |
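The same IPS rulebase rule expressed as Junos CLI set commands, with each statement mapped back to the field of Table 38 it corresponds to. This is an added example, not configuration from the original page: the policy name `idp-policy-1`, the rule name `ips-rule-1`, the zone names `untrust`/`trust` and the predefined attack-group name are assumed placeholders, and the `##` lines are annotations rather than commands.

```junos
## Added example: one IPS rulebase rule built from the Table 38 fields.
## Policy, rule, zone and attack-group names are assumed placeholders.

## Match: From Zone / To Zone / Source Address / Destination Address / Application
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match from-zone untrust
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match to-zone trust
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match source-address any
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match destination-address any
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match application default

## Attack Type: a predefined attack group (group name assumed; choose one that
## exists in the device's installed signature database)
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 match attacks predefined-attack-groups "Critical - TCP"

## Action: what IDP does with the session that matched
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then action drop-connection

## Advanced: IP Action, IP Target, Timeout (seconds, within the 65,535 maximum), Log IP Action
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then ip-action ip-block
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then ip-action target source-address
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then ip-action timeout 3600
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then ip-action log

## Enable Attack Logging and Set Alert Flag
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then notification log-attacks alert

## Severity (used to organize log records) and the Terminal flag
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 then severity critical
set security idp idp-policy idp-policy-1 rulebase-ips rule ips-rule-1 terminal

## Activate the policy (the CLI equivalent of the Activate check box)
set security idp active-policy idp-policy-1
commit
```

After the commit, `show security idp status` and `show security idp policy-commit-status` confirm that the policy compiled and loaded, and `show security idp attack table` lists attack objects that have matched. Two design points worth checking in any rule written this way: `terminal` stops rule evaluation once this rule matches, so the position of the rule within the rulebase decides which later rules are never consulted; and `ip-action ip-block` with `target source-address` affects every subsequent session from the offending source for the full `timeout`, so a match on a spoofable or shared source address can block legitimate traffic for that period.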