Adding an IPS Rulebase
To add an IPS rulebase:
- Select Configure>Security>Policy>IDP Policies.
- To add an IPS rulebase to an existing IDP policy, select Rulebase:IPS and click Add.
- To add an IPS rulebase to a new policy:
  - Click Add on the policy taskbar.
  - Type a new policy name and select the Activate check box.
  - Select Rulebase:IPS and click Add.
- Enter information as specified in Table 52.
- Click one of the following buttons:
  - OK—Saves the configuration and returns to the main configuration page.
  - Commit Options>Commit—Commits the configuration and returns to the main configuration page.
  - Cancel—Discards your entries and returns to the main configuration page.
  - Reset—Clears your entries so that you can enter new configuration details.
  - Close—Closes the page and returns to the main configuration page.
Table 52: Add an IPS Rulebase Page Details
Field | Function | Action |
---|---|---|
Basic | ||
Policy Name | Specifies the name of the IDP policy. | Displays the name of the IDP policy. |
Rule Name | Specifies the name of the IPS rulebase rule. | Type a rule name. |
Rule Description | Specifies the description for the rule. | Type the description for the rule. |
Action | Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules. | Select a rule action from the list. |
Application | Lists one or multiple configured applications. | Select the applications to be matched. |
Attack Type | Specifies the attack objects and attack groups that you want the device to match in the monitored network traffic. The attack types available are:
Note: You can filter predefined attacks by the Category, Severity, and Direction fields, and predefined attack groups by the Category field only. | Select the attack object or attack group from the list and click the right arrow to add it to the rule's match list. |
Category | Specifies the category used to filter the available predefined attacks and attack groups. | Select a category from the list. |
Severity | Specifies the severity level used to filter the available predefined attacks. Severity is also carried in the log records so that logs can be organized and presented by severity on the log server. | Select a severity level from the list. |
Direction | Specifies the direction of network traffic (client-to-server, server-to-client, or any) in which the device monitors for attacks. | Select a direction from the list. |
Matched | Specifies the type of network traffic that you want the device to monitor for attacks. | Select the traffic types and click the right arrow to move them to the matched list. |
Advanced | ||
IP Action | Specifies the action IDP takes against future connections that match the IP target after this rule triggers (for example, block, close, or notify). | Select an IP action from the list. |
IP Target | Specifies which traffic the IP action applies to, such as the source address, destination address, or service of the session that triggered the rule. | Select an IP target from the list. |
Timeout | Specifies the number of seconds the IP action remains in effect. New sessions that match the IP target within that period are subject to the IP action. | Type the timeout value, in seconds. The maximum acceptable value is 65,535 seconds. |
Log IP Action | Specifies whether the IP action is logged, creating a log record that appears in the log viewer. | Select the check box. |
Enable Attack Logging | Specifies whether attack logging is enabled for the rule, so that each match creates an attack log record. | Select the check box. |
Set Alert Flag | Specifies whether an alert flag is set on the attack log records generated by this rule. | Select the check box. |
Terminal | Specifies whether the rule is terminal. When a terminal rule matches, IDP does not evaluate the rules that follow it in the rulebase for that traffic, so the order of rules in the rulebase matters. | Select the check box. |
Match | ||
From Zone | Specifies the match criteria for the source zone for each rule. | Select the match criteria from the list. |
To Zone | Specifies the match criteria for the destination zone for each rule. | Select the match criteria from the list. |
Source Address | Specifies the source address match criteria for each rule, scoped by the selected from-zone. | Select the from-zone and source addresses/address sets from the list, and do one of the following: |
Destination Address | Specifies the destination address match criteria for each rule, scoped by the selected to-zone. | Select the to-zone and destination addresses/address sets from the list, and do one of the following: |
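The same IPS rulebase rule expressed as Junos CLI set commands, covering the procedure above and every field group in Table 52. This is an added example and is not part of the original page or Juniper's documentation: the policy name inbound-web, the rule name block-http-critical, the zones, the security policy permit-web, the attack group name and the 600-second timeout are assumed values, and the policy binding assumes a Junos release that activates the IDP policy with set security idp active-policy.

```junos
# Added example (not from the original page). Names and values are assumed.
# Match section: From Zone, To Zone, Source Address, Destination Address, Application
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match from-zone untrust
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match to-zone trust
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match source-address any
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match destination-address any
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match application default
# Attack Type / Matched: one predefined attack group (group name assumed)
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical match attacks predefined-attack-groups "HTTP - Critical"
# Action taken on the matching session itself
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then action drop-connection
# Advanced section: IP Action, IP Target, Timeout (seconds, maximum 65535), Log IP Action
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then ip-action ip-block
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then ip-action target source-address
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then ip-action timeout 600
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then ip-action log
# Enable Attack Logging and Set Alert Flag
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical then notification log-attacks alert
# Terminal: later rules in the rulebase are not evaluated for traffic this rule matches
set security idp idp-policy inbound-web rulebase-ips rule block-http-critical terminal
# Activate check box equivalent, plus the security policy binding. Without
# application-services idp in the forwarding security policy, no traffic ever
# reaches the IPS rulebase and the rule silently does nothing.
set security idp active-policy inbound-web
set security policies from-zone untrust to-zone trust policy permit-web then permit application-services idp
# Verify after commit that the policy compiled and is the active one
run show security idp policy-commit-status
run show security idp status
```

Two points to check before committing a rule like this. First, an IP action with target source-address blocks every future session from that address for the whole timeout, so a peer that can spoof or share source addresses (NAT, proxies) can cause legitimate clients to be blocked; keep the timeout short and prefer ip-notify while tuning. Second, because the rule is terminal, any rule placed after it in the rulebase will never fire for untrust-to-trust traffic that matches this rule's zones, addresses and application, so order broad terminal rules last.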