ips

Syntax

Hierarchy Level

Description

Configure IPS security policy sensor settings. An IPS sensor contains filters, signature entries, or both; these specify which signatures the sensor includes. You must create an IPS sensor before specific signatures or filters can be chosen for it. Signatures can be added to a new sensor before it is saved, but keep in mind that the sensor and the filters it includes are separate objects that are created separately. Individual signatures can be added to a sensor one at a time, whereas a filter adds multiple signatures at once by specifying the characteristics of the signatures to be included.

Options

content-decompression-max-memory-kb

Set the maximum memory allocation in kilobytes for content decompression.

The default memory allocation provides 33 KB per session for an average number of sessions requiring decompression at the same time. To determine whether this value suits your environment, analyze the decompression-related counters and the total number of IDP sessions traversing the device, and estimate how many sessions require decompression concurrently. Assuming that each of these sessions requires 33 KB of memory for decompression, compare your estimated requirement with the default value.

Note:

Because content decompression requires a significant allocation of memory, system performance will be impacted by increasing the maximum memory allocation for decompression.

  • Range: 50 through 2,000,000 KB

content-decompression-max-ratio

Set the maximum decompression ratio of the size of decompressed data to the size of compressed data.

Some attacks are introduced through compressed content. When such content is decompressed, it can inflate to a very large size, consuming system resources and resulting in denial of service. This type of attack can be recognized by the ratio of the size of the decompressed data to the size of the compressed data. Keep in mind, however, that a higher configured ratio lessens the chance of detecting this type of attack.

  • Range: 1 through 128
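The two decompression limits above, the per-session memory budget sized from an estimate of concurrent sessions and the decompressed-to-compressed ratio that flags inflating content, can be modelled in a few lines. The following is an added example written for this page, not Juniper's code; it assumes only the semantics the text describes (33 KB per session, the configurable ranges, and a decompressor that stops once output would exceed ratio times input) and uses constructed sample payloads.

```python
import zlib

# Values taken from the reference text for the ips statement.
DEFAULT_KB_PER_SESSION = 33          # default per-session decompression allocation
MEMORY_KB_RANGE = (50, 2_000_000)    # content-decompression-max-memory-kb range
RATIO_RANGE = (1, 128)               # content-decompression-max-ratio range


def recommended_max_memory_kb(concurrent_sessions, kb_per_session=DEFAULT_KB_PER_SESSION):
    """Estimate content-decompression-max-memory-kb for the number of sessions
    expected to need decompression at the same time, clamped to the range the
    statement accepts. Raising it costs system memory, so size it from measured
    counters rather than guessing high."""
    needed = concurrent_sessions * kb_per_session
    low, high = MEMORY_KB_RANGE
    return max(low, min(high, needed))


def bounded_decompress(compressed, max_ratio):
    """Inflate a zlib stream without ever holding more than
    max_ratio * len(compressed) bytes of output.

    Returns (data, rejected). rejected is True when the stream would inflate
    past the ratio, or never reached end-of-stream within that budget (a
    truncated stream is treated the same way, conservatively).
    """
    if not RATIO_RANGE[0] <= max_ratio <= RATIO_RANGE[1]:
        raise ValueError(f"max_ratio must be within {RATIO_RANGE}")
    budget = max_ratio * len(compressed)
    inflater = zlib.decompressobj()
    out = bytearray()
    data = compressed
    while data:
        remaining = budget - len(out)
        if remaining <= 0:
            break
        # max_length caps the output of this call; input that was not yet
        # consumed is kept in unconsumed_tail for the next round
        # (a max_length of 0 would mean "no limit", hence the check above).
        out += inflater.decompress(data, max_length=remaining)
        data = inflater.unconsumed_tail
    rejected = False
    if not inflater.eof:
        # Budget reached or input exhausted: ask for one more byte to tell
        # "fits exactly" apart from "would keep inflating".
        probe = inflater.decompress(inflater.unconsumed_tail, max_length=1)
        rejected = bool(probe) or not inflater.eof
    return bytes(out), rejected


# Constructed sample inputs: a small HTTP-like payload, and a highly
# compressible payload that inflates roughly a thousandfold.
BENIGN_PLAIN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 3
BENIGN_COMPRESSED = zlib.compress(BENIGN_PLAIN)
INFLATING_COMPRESSED = zlib.compress(b"\x00" * 1_000_000, 9)


def demo(max_ratio=16):
    """Apply both limits to the constructed samples and return the findings."""
    benign, benign_rejected = bounded_decompress(BENIGN_COMPRESSED, max_ratio)
    held, inflating_rejected = bounded_decompress(INFLATING_COMPRESSED, max_ratio)
    return {
        "benign_ok": benign == BENIGN_PLAIN and not benign_rejected,
        "inflating_rejected": inflating_rejected,
        "inflating_bytes_held": len(held),      # never above max_ratio * input size
        "memory_kb_for_400_sessions": recommended_max_memory_kb(400),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ratio check is what makes the memory budget meaningful: because output is produced in bounded chunks, a payload that would inflate a thousandfold is abandoned after at most `max_ratio` times its compressed size, while an ordinary request decompresses completely. Lowering the ratio catches more of these payloads at the cost of rejecting legitimately dense content, which is the trade-off the text describes.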

detect-shellcode

Enable shellcode detection to help prevent buffer overflow attacks. This setting is enabled by default.

fifo-max-size

Sets the maximum IPS FIFO size.

  • Range: 1 through 65,535

ignore-regular-expression

Regular expression pattern matching is used when detecting intrusion attempts; this is the default behavior, which corresponds to the no-ignore-regular-expression command. If you specify the ignore-regular-expression command, regular expression pattern matching is disabled when detecting intrusion attempts.

  • Default: Regular expression is enabled by default.

log-supercede-min

Specify the amount of time after which IPS sensor logs are superseded.

  • Syntax: minimum-value—Minimum time to supersede the log.

  • Default: 1 second

  • Range: 0 through 65,535

no-detect-shellcode

Disable shellcode detection.

no-ignore-regular-expression

Do not ignore regular expressions; regular expression pattern matching remains enabled when detecting intrusion attempts.

no-process-ignore-s2c

Do not disable server-to-client inspection; server-to-client traffic continues to be inspected.

no-process-override

Do not force the IDS inspection module to run when there is no policy match.

process-ignore-s2c

Disable server-to-client inspection.

process-override

Forcefully run the IDS inspection module even if there is no policy match.

process-port

Specify a TCP/UDP port on which the IDS inspection module is forcefully run even if there is no policy match.

  • Syntax: port-number—Port number.

  • Range: 0 through 65,535

session-pkt-depth

Specify the session packet scanning depth.

  • Syntax: session-pkt-depth—Session packet depth.

  • Range: 0 through 1,000,000

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.