
Adding an IPS Rulebase—Quick Configuration

You can use J-Web Quick Configuration to quickly configure and add an IPS rulebase.

Figure 55: Quick Configuration Page for Adding an IPS Rulebase


To configure an IPS rulebase with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > IDP.
  2. In the Policy Name text box, type a policy name.
  3. Under IPS Rulebase, click Add to add an IPS rulebase.

    Figure 55 shows the Quick Configuration page for IPS rulebase.

  4. Fill in the information as described in Table 135.
  5. Click one of the following buttons:

Table 135: Adding an IPS Rulebase Quick Configuration Page Summary

Field

Function

Actions

Policy Name

Specifies the name of the IDP Policy.

Displays the name of the IDP policy.

Rulebase

Specifies the IPS rulebase in which you create, modify, delete, and reorder rules.

Displays the name of the rulebase.

Configure Rule Name and Description

Rule Name

Specifies the name of the IPS rulebase rule.

Type a rule name.

Description

Specifies the description for the rule.

Type the description for the rule.

Rule Match Criteria

From-Zone and Source Addresses/Address Sets

Match

Specifies the match criteria for the source zone for each rule.

Click the option button to enable the match criteria.

Source Address Book

Lists all the from-zone and source addresses/address sets for the policy.

Select the from-zone and source addresses/address sets from the list and do one of the following:

  • To match the from-zone and source address/address sets to the rule, click the left arrow.
  • To make the from-zone exceptions for each rule, click the right arrow.

Except

Specifies the zone exceptions for the from-zone and source address for each rule.

Click the option button to enable the exception criteria.

To-Zone and Destination Addresses/Address Sets

Match

Specifies the match criteria for the to-zone and source addresses for each rule.

Click the option button to enable the match criteria.

Destination Address Book

Lists all the to-zone and destination addresses/address sets for the policy.

Select the to-zone and destination addresses/address sets from the list and do either one of the following:

  • To match the to-zone and destination addresses/address sets to the rule, click the left arrow.
  • To make the to-zone exceptions for each rule, click the right arrow.

Except

Specifies the except criteria for the to-zone and source address for each rule.

Click the option button to enable exception criteria.

Applications and Application Sets

Matched

Specifies the type of network traffic you want the device to monitor for attacks.

 

Application/Application Sets

Lists one or multiple configured applications and application sets.

Select the applications and application sets to be matched and do either one of the following:

  • To match the rule to the applications/application sets, click the left arrow.
  • To remove the rule match for the applications/application sets, select the rule match and click the right arrow.

Specify a rule action

Rule Action

Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules.

Select a rule action from the list.

Attacks and Attack Action

Predefined Attacks

Specifies predefined attack objects that are used to match the traffic against known attacks.

Type a valid predefined attack name and do either one of the following:

  • To add a predefined attack, type it next to the Add button, and click Add.
  • To remove a predefined attack, select it in the Predefined Attacks box, and click Delete.

Predefined Attack Groups

Specifies predefined attack groups that are used to match the traffic against known attack objects.

Enter a valid predefined attack group name and do either one of the following:

  • To add a predefined attack group, type it next to the Add button, and click Add.
  • To remove a predefined attack group, select it in the Predefined Attack groups box, and click Delete.

Custom Attacks

Specifies the custom attack objects to detect new attacks that are unique to your network.

Select one or multiple custom attacks from the Custom Attacks List and do either one of the following:

  • To match a custom attack to the rule, click the left arrow.
  • To remove the rule match for the custom attack to the rule, select the rule match and click the right arrow.

Attack Action

IP Action

Specifies the action IDP takes against future connections that use the same IP address.

Select an IP action from the list.

IP Target

Specifies the destination IP address.

Select an IP target from the list.

Timeout

Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value.

Type the timeout value, in seconds.

Log IP Action

Specifies whether attack logging is enabled to create a log record that appears in the log viewer.

Select the check box.

Rule Additional Actions

Severity

Specifies the rule severity levels in logging to support better organization and presentation of log records on the log server.

Select a severity level from the list.

Terminal

Specifies if the terminal rule flag is set or unset.

Select the check box.

Notifications - Attack Logging

Enable

Specifies whether the attack logging alert is enabled.

Select the check box.

Set Alert Flag

Specifies if an alert flag is set.

Select the check box.
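
For reference, the fields in Table 135 correspond to statements under the security idp idp-policy hierarchy in the Junos CLI. The following is an added example, not part of the original page; the policy name, rule name, zone names, description text, and chosen values are assumptions, and ATTACK-GROUP-NAME is a placeholder for a predefined attack group present in the installed attack database.

```junos
# Constructed example. Assumed names: policy "idp-policy-1", rule "rule-1",
# zones "trust" and "untrust". Replace ATTACK-GROUP-NAME with a real
# predefined attack group name before committing.

# Rule Name and Description
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 description "Inspect outbound traffic"

# Rule Match Criteria: from-zone/source, to-zone/destination, applications
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match from-zone trust
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match source-address any
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match to-zone untrust
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match destination-address any
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match application default

# Attacks: predefined attack group to match against
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 match attacks predefined-attack-groups "ATTACK-GROUP-NAME"

# Rule Action
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then action drop-connection

# Attack Action: IP Action, IP Target, Timeout (seconds), Log IP Action
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then ip-action ip-block
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then ip-action target source-address
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then ip-action timeout 60
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then ip-action log

# Rule Additional Actions: Severity and Terminal
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then severity critical
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 terminal

# Notifications - Attack Logging: Enable and Set Alert Flag
set security idp idp-policy idp-policy-1 rulebase-ips rule rule-1 then notification log-attacks alert
```

Run show security idp idp-policy idp-policy-1 in configuration mode to review the resulting rule, and commit check to validate it before committing.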

