Adding an IPS Rulebase

To add an IPS rulebase:

  1. Select Configure>Security>Policy>IDP Policies.
  2. To add an IPS rulebase for an existing IDP policy, select Rulebase:IPS and click Add.
  3. To add an IPS rulebase for a new policy:
    • Click Add on the policy task bar.
    • Type a new policy name and select the Activate check box.
    • Select Rulebase:IPS and click Add.
  4. Fill in the information as described in Table 38.
  5. Click one of the following buttons:
    • To apply the configuration and return to the main configuration page, click OK.
    • To cancel your entries and return to the main page, click Cancel.

Table 38: Add an IPS Rulebase Page Details

Each entry below gives the field name, its function, and the action to take in the page.

Basic

Policy Name
  Function: Specifies the name of the IDP policy.
  Action: Displays the name of the IDP policy.

Rule Name
  Function: Specifies the name of the IPS rulebase rule.
  Action: Type a rule name.

Rule Description
  Function: Specifies the description for the rule.
  Action: Type the description for the rule.

Action
  Function: Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules.
  Action: Select a rule action from the list.

Application
  Function: Lists one or more configured applications.
  Action: Select the applications to be matched.

Attack Type
  Function: Specifies the attack type that you do not want the device to match in the monitored network traffic. The attack types available are:
    • Predefined Attacks: Specifies predefined attack objects that you can use to match the traffic against known attacks.
    • Predefined Attack Groups: Specifies predefined attack groups that you can use to match the traffic against known attack objects.
  Note: You can filter Predefined Attacks by the Category, Severity, and Direction fields, and Predefined Attack Groups only by the Category field.
  Action: Select the attack object or attack group from the list and click the right arrow to match it to the rule.

Category
  Function: Specifies the category used to filter the predefined attack objects and attack groups.
  Action: Select a category from the list.

Severity
  Function: Specifies the severity level recorded in the rule's log entries, which supports better organization and presentation of log records on the log server.
  Action: Select a severity level from the list.

Direction
  Function: Specifies the direction of network traffic you want the device to monitor for attacks.
  Action: Select a direction from the list.

Matched
  Function: Specifies the type of network traffic you want the device to monitor for attacks.
  Action: Select the traffic types and click the right arrow to move them to the matched list.

Advanced

IP Action
  Function: Specifies the action IDP takes against future connections that use the same IP address.
  Action: Select an IP action from the list.

IP Target
  Function: Specifies the destination IP address.
  Action: Select an IP target from the list.

Timeout
  Function: Specifies the number of seconds the IP action remains in effect; new sessions initiated within that timeout are subject to the IP action.
  Action: Type the timeout value, in seconds. The maximum acceptable value is 65,535 seconds.

Log IP Action
  Function: Specifies whether logging of the IP action is enabled so that a log record appears in the log viewer.
  Action: Select the check box.

Enable Attack Logging
  Function: Specifies whether attack logging is enabled.
  Action: Select the check box.

Set Alert Flag
  Function: Specifies whether an alert flag is set.
  Action: Select the check box.

Terminal
  Function: Specifies whether the terminal rule flag is set or unset.
  Action: Select the check box.

Match

From Zone
  Function: Specifies the match criteria for the source zone for each rule.
  Action: Select the match criteria from the list.

To Zone
  Function: Specifies the match criteria for the destination zone for each rule.
  Action: Select the match criteria from the list.

Source Address
  Function: Specifies the zone exceptions for the from-zone and source address for each rule.
  Action: Select the from-zone and source addresses/address sets from the list and do one of the following:
    • Click the Match button to match the from-zone and source address/address sets to the rule and click the right arrow.
    • Click the Except button to enable the exception criteria.

Destination Address
  Function: Specifies the zone exceptions for the to-zone and destination address for each rule.
  Action: Select the to-zone and destination addresses/address sets from the list and do one of the following:
    • Click the Match button to match the to-zone and destination address/address sets to the rule and click the right arrow.
    • Click the Except button to enable the exception criteria.
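The same rule as it appears in the Junos configuration hierarchy, added here as an example that is not part of this page; it assumes the policy name, rule name, zone names and the attack group name shown (all placeholders), and maps each statement to its Table 38 field in a trailing # comment. The hierarchy reflects the [edit security idp] rulebase-ips syntax as I know it; confirm the exact statements against the CLI reference for your release.

```text
security {
    idp {
        idp-policy ips-policy-example {                 # Policy Name (assumed)
            rulebase-ips {
                rule block-critical-http {              # Rule Name (assumed)
                    description "Drop critical HTTP attacks from untrust";   # Rule Description
                    match {
                        from-zone untrust;              # From Zone (assumed zone)
                        to-zone trust;                  # To Zone (assumed zone)
                        source-address any;             # Source Address, Match
                        destination-address any;        # Destination Address, Match
                        application default;            # Application
                        attacks {
                            predefined-attack-groups "HTTP - Critical";   # Attack Type (group name assumed)
                        }
                    }
                    then {
                        action {
                            drop-connection;            # Action
                        }
                        ip-action {
                            ip-block;                   # IP Action
                            target source-address;      # IP Target
                            timeout 3600;               # Timeout, 0 to 65535 seconds
                            log;                        # Log IP Action
                        }
                        notification {
                            log-attacks {
                                alert;                  # Enable Attack Logging plus Set Alert Flag
                            }
                        }
                        severity critical;              # Severity
                    }
                    terminal;                           # Terminal
                }
            }
        }
        active-policy ips-policy-example;               # Activate check box
    }
}
```

The Except button on the Source Address and Destination Address fields corresponds to source-except and destination-except statements under match, which exclude the listed addresses from an otherwise matching rule.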