Policy Name
|
Specifies the name of the IDP Policy.
|
Displays the name of the IDP policy.
|
Rulebase
|
Specifies the IPS rulebase in which you create, modify, delete, and
reorder rules.
|
Displays the name of the rulebase.
|
Configure Rule Name and Description |
Rule Name
|
Specifies the name of the IPS rulebase rule.
|
Type a rule name.
|
Description
|
Specifies the description for the rule.
|
Type the description for the rule.
|
Rule Match Criteria |
From-Zone and Source Addresses/Address Sets |
Match
|
Specifies the match criteria for the source zone for each rule.
|
Click the option button to enable the match criteria.
|
Source Address Book
|
Lists all the from-zone and source addresses/address sets for
the policy.
|
Select the from-zone and source addresses/address sets from
the list and do one of the following:
- To match the from-zone and source address/address sets
to the rule, click the left arrow.
- To make the from-zone exceptions for each rule, click
the right arrow.
|
Except
|
Specifies the zone exceptions for the from-zone and source address
for each rule.
|
Click the option button to enable the exception criteria.
|
To-Zone and Destination Addresses/Address Sets |
Match
|
Specifies the match criteria for the to-zone and source addresses
for each rule.
|
Click the option button to enable the match criteria.
|
Destination Address Book
|
Lists all the to-zone and destination addresses/address sets
for the policy.
|
Select the to-zone and destination addresses/address sets from
the list and do either one of the following:
- To match the to-zone and destination addresses/address
sets to the rule, click the left arrow.
- To make the to-zone exceptions for each rule, click the
right arrow.
|
Except
|
Specifies the exception criteria for the to-zone and source address
for each rule.
|
Click the option button to enable the exception criteria.
|
Applications and Application Sets |
Matched
|
Specifies the type of network traffic you want the device to
monitor for attacks.
|
|
Application/Application Sets
|
Lists one or multiple configured applications and application
sets.
|
Select the applications and application sets to be matched and
do either one of the following:
- To match the rule to the applications/application sets,
click the left arrow.
- To remove the rule match for the applications/application
sets, select the rule match and click the right arrow.
|
Specify a rule action |
Rule Action
|
Lists all the rule actions for IDP to take when the monitored
traffic matches the attack objects specified in the rules.
|
Select a rule action from the list.
|
Attacks and Attack Action |
Predefined Attacks
|
Specifies predefined attack objects that are used to match the
traffic against known attacks.
|
Type a valid predefined attack name and do either one of the following:
- To add a predefined attack, type it next to the Add button, and click Add.
- To remove a predefined attack, select it in the Predefined
Attacks box, and click Delete.
|
Predefined Attack Groups
|
Specifies predefined attack groups that are used to match the
traffic against known attack objects.
|
Enter a valid predefined attack group name and do either one
of the following:
- To add a predefined attack group, type it next to the Add button, and click Add.
- To remove a predefined attack group, select it in the
Predefined Attack groups box, and click Delete.
|
Custom Attacks
|
Specifies the custom attack objects to detect new attacks that
are unique to your network.
|
Select one or multiple custom attacks from the Custom Attacks
List and do either one of the following:
- To match a custom attack to the rule, click the left arrow.
- To remove the rule match for the custom attack, select the
rule match and click the right arrow.
|
Attack Action |
IP Action
|
Specifies the action IDP takes against future connections that
use the same IP address.
|
Select an IP action from the list.
|
IP Target
|
Specifies the destination IP address.
|
Select an IP target from the list.
|
Timeout
|
Specifies the number of seconds the IP action should remain effective
before new sessions are initiated within that specified timeout value.
|
Type the timeout value, in seconds. Maximum acceptable value
is 65535 seconds.
|
Log IP Action
|
Specifies whether logging of attacks is enabled to create a log record
that appears in the log viewer.
|
Select the check box.
|
Rule Additional Actions |
Severity
|
Specifies the rule severity levels in logging to support better
organization and presentation of log records on the log server.
|
Select a severity level from the list.
|
Terminal
|
Specifies if the terminal rule flag is set or unset.
|
Select the check box.
|
Notifications - Attack Logging |
Enable
|
Specifies whether the attack logging alert is enabled.
|
Select the check box.
|
Set Alert Flag
|
Specifies if an alert flag is set.
|
Select the check box.
|