
Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor > Firewall > IDS Information.

Note: After you make changes to the configuration in this window, you must commit the changes immediately for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes (J-Web Procedure) for details about all commit options.

Click one of the following criteria to order the display accordingly:

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 43 and click OK.

Table 43: IDS Search-Narrowing Characteristics

| Narrow Search Box | Entry or Selection |
|---|---|
| Destination Address | Type a destination address prefix to display IDS information for only that prefix. |
| IDS Table | Select one of the following: Destination—Displays information for an address under attack; Pair—Displays information for a suspected attack source and destination pair; Source—Displays information for an address that is a suspected attacker. |
| Number of IDS Entries to Display | Select a number between 25 and 500 to display only a particular number of entries. |
| Threshold | Type a number to display events with only that number of bytes, packets, flows, or anomalies—whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and type 100 in the Threshold box. |

Alternatively, enter the following CLI show commands:

Table 44 summarizes key output fields for stateful firewall filter intrusion detection.

Table 44: Summary of Key Firewall IDS Output Fields

| Field | Values |
|---|---|
| Source Address | Source address for the event. |
| Destination Address | Destination address for the event. |
| Time | Total time the information has been in the IDS table. |
| Bytes | Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m). |
| Packets | Total number of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Flows | Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m). |
| Anomalies | Total number of anomalies in the anomaly table, in thousands (k) or millions (m). |
| Application | Configured application, such as FTP or Telnet. |
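
The following is an added example, not part of the original page or the product: a Python sketch that applies the Narrow Search criteria from Table 43 to IDS rows that have already been exported into dictionaries keyed by the Table 44 fields. The row layout, the function names, the decimal reading of k and m, and the "more than" reading of Threshold (taken from the 100-flows example) are assumptions.

```python
import ipaddress

# Assumption: k = 1,000 and m = 1,000,000, per "thousands (k) or millions (m)".
_SUFFIX = {"k": 1_000, "m": 1_000_000}
METRICS = ("bytes", "packets", "flows", "anomalies")

def parse_count(text):
    """Convert a counter such as '12k' or '1.5m' to an integer."""
    text = text.strip().lower()
    if text and text[-1] in _SUFFIX:
        return int(float(text[:-1]) * _SUFFIX[text[-1]])
    return int(text)

def narrow(rows, order_by, dest_prefix=None, threshold=None, limit=25):
    """Filter and order IDS rows the way the Narrow Search boxes describe."""
    if order_by not in METRICS:
        raise ValueError(f"order_by must be one of {METRICS}")
    if not 25 <= limit <= 500:
        raise ValueError("limit must be between 25 and 500")
    net = ipaddress.ip_network(dest_prefix, strict=False) if dest_prefix else None
    kept = []
    for row in rows:
        if net is not None and ipaddress.ip_address(row["destination"]) not in net:
            continue  # Destination Address box: keep only the given prefix
        value = parse_count(row[order_by])
        # Assumption: Threshold keeps events with MORE than the typed number.
        if threshold is not None and value <= threshold:
            continue
        kept.append((value, row))
    kept.sort(key=lambda item: item[0], reverse=True)  # largest counter first
    return [row for _, row in kept[:limit]]

# Constructed sample rows (documentation address ranges), not device output.
SAMPLE = [
    {"source": "198.51.100.7", "destination": "192.0.2.10", "bytes": "4m",
     "packets": "12k", "flows": "250", "anomalies": "3", "application": "FTP"},
    {"source": "198.51.100.9", "destination": "192.0.2.10", "bytes": "800k",
     "packets": "2k", "flows": "100", "anomalies": "0", "application": "Telnet"},
    {"source": "203.0.113.5", "destination": "192.0.2.77", "bytes": "1.5m",
     "packets": "9k", "flows": "1k", "anomalies": "12", "application": "FTP"},
    {"source": "203.0.113.8", "destination": "198.51.100.200", "bytes": "90k",
     "packets": "400", "flows": "90", "anomalies": "1", "application": "Telnet"},
]

if __name__ == "__main__":
    for r in narrow(SAMPLE, "flows", threshold=100):
        print(r["source"], "->", r["destination"], r["flows"], "flows")
```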

