Step 2: Up and Running

 

Let’s activate the predefined policy template named Recommended.

  1. Set the default policy to Recommended.
  2. Confirm the Recommended policy is enabled on your device.

Enable an IDP Action in a Policy

You can configure attack objects and attack groups as match conditions in IDP policy rules. In this example, we show you how to create a policy rule and enable the predefined attack group “HTTP-Critical” in a policy. The “HTTP-Critical” attack group defines actions to take for HTTP traffic from the untrust zone to the trust zone. When this attack group is enabled, IDP tells the device to check for “HTTP-Critical” attacks and then take the action defined in the policy (which is probably to drop the traffic).

  1. Create an IDP policy rule.
  2. Commit the changes.
  3. Apply the IDP policy.
  4. Commit the changes.
  5. Verify that HTTP-Critical is enabled in the policy.

    The sample output confirms that the “HTTP-Critical” attack group is enabled for the policy.
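
The five steps above as one Junos CLI session. This is an added example, not the configuration from the original page. The IDP policy name idp-http-critical, rule name r1, and security policy name untrust-to-trust-idp are hypothetical; the drop-connection action and the idp-policy form of the security policy statement (available in Junos OS releases that support unified policies) are assumptions.

```junos
# Added example; policy and rule names are hypothetical.
# Enter configuration mode first with: configure

# Step 1: create the IDP policy rule for untrust -> trust traffic.
set security idp idp-policy idp-http-critical rulebase-ips rule r1 match from-zone untrust to-zone trust
set security idp idp-policy idp-http-critical rulebase-ips rule r1 match source-address any destination-address any
set security idp idp-policy idp-http-critical rulebase-ips rule r1 match application default

# Attack group name as written on this page. The value must match the
# group name in the installed attack database exactly, spacing included.
set security idp idp-policy idp-http-critical rulebase-ips rule r1 match attacks predefined-attack-groups "HTTP-Critical"

# Action taken on a match (assumed: drop the connection), plus an attack
# log entry so that detections are visible to operations.
set security idp idp-policy idp-http-critical rulebase-ips rule r1 then action drop-connection
set security idp idp-policy idp-http-critical rulebase-ips rule r1 then notification log-attacks

# Step 2: commit the changes.
commit

# Step 3: apply the IDP policy by referencing it from the security policy
# that permits the untrust -> trust traffic. IDP only inspects sessions
# that a security policy permits and hands to it.
set security policies from-zone untrust to-zone trust policy untrust-to-trust-idp match source-address any destination-address any application any
set security policies from-zone untrust to-zone trust policy untrust-to-trust-idp then permit application-services idp-policy idp-http-critical

# Step 4: commit the changes.
commit

# Step 5: verify from configuration mode ("run" executes an operational
# command). The first command shows the rule as committed; the second
# lists the attacks the policy now contains.
run show configuration security idp idp-policy idp-http-critical
run show security idp attack attack-list policy idp-http-critical
```

If the attack list in step 5 comes back empty, check that the security package is installed and that the group name in the rule matches the database entry.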

View Predefined Attacks and Attack Groups in an IDP Policy

The IDP attack database stores thousands of attack objects. To make them easier to manage, attack objects are organized into attack groups. An attack group contains two or more types of attack objects.

Use the show security idp attack attack-list policy policy-name command to view the attacks available in an IDP policy template or IDP policy. If an IDP policy contains an attack that belongs to several attack groups, the command output displays the redundant attack names.

View a List of Detected Attacks