Create IPS Signature Static Groups
The signature database in Contrail Service Orchestration (CSO) contains predefined intrusion prevention system (IPS) signature static groups that you can use. Users with the tenant administrator role or a custom role with appropriate IPS tasks can also create customized IPS signature static groups from the Create IPS Signature Static Group page. Static groups enable better manageability because you can group different types of signatures into one entity.
To create a customized IPS signature static group:
After you create an IPS signature static group, you can use the static group in an IPS or an exempt rule and reference the IPS profile (containing the rule) in a firewall policy that you can then deploy on the device.
Setting |
Guideline |
---|---|
Name |
Enter a unique name for the IPS signature static group that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. |
Description |
Enter a description for the IPS signature static group; the maximum length is 1024 characters. |
Group Members |
You can add one or more IPS signatures, static groups, or dynamic groups to be members of the static group that you are creating. In addition, you can delete group members after adding them. Note:
You must add at least one IPS signature, static group, or dynamic group to proceed.
|