Add an IDP Policy

You are here: Security Services > IPS > Policy.

To add an IDP policy:

Click the add icon (+) on the upper right side of the Policy page.
The Add IDP Policy page appears.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Fields on the Add IDP Policy Page
Field	Action
Policy Name	Enter the name of the IPS policy.
IPS Rule	Specifies the IPS rule created. Select an option form the list: Add—Adds a new IPS rule. Edit—Edits the selected IPS rule. Delete—Deletes the selected record. Move—Organize rows. Select Move up, Move down, Move to top, or Move to down.
Basic
Policy Name	Displays the name of the IDP policy.
Rule Name	Enter a rule name.
Rule Description	Enter the description for the rule.
Action	Select a rule action from the list to specify the list of all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules.
Application	Specifies the list of one or multiple configured applications. Select the applications to be matched.
Attack Type	Specifies the attack type that you do not want the device to match in the monitored network traffic. The options available are: Predefined Attacks Predefined Attack Groups Select an option from the list and click the right arrow to match an attack object or attack group to the rule.
Category	Select a category from the list to specify the category used for scrutinizing rules of sets.
Severity	Select a severity level from the list to specify the rule severity levels in logging to support better organization and presentation of log records on the log server.
Direction	Select a direction level from the list to specify the direction of network traffic you want the device to monitor for attacks.
Search	Enables you to search a specific data from the list.
Advanced Note: This tab is not available for Rulebase exempt.
IP Action	Specifies the action that IDP takes against future connections that use the same IP address. Select an IP action from the list.
IP Target	Select an IP target from the list.
Timeout	Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value. Enter the timeout value, in seconds. The maximum value is 65,535 seconds.
Log IP Action	Select the check box to specify whether or not the log attacks are enabled to create a log record that appears in the log viewer.
Enable Attack Logging	Select the check box to specify whether or not the configuring attack logging alert is enabled.
Set Alert Flag	Select the check box to specify whether or not an alert flag is set.
Severity	Select an option from the list to specify the rule severity level.
Terminal	Select the check box to specify whether or not the terminal rule flag is set.
Match
From Zone	Select the match criteria for the source zone for each rule.
To Zone	Select the match criteria for the destination zone for each rule.
Source Address	Select the zone exceptions for the from-zone and source address for each rule. The options available are: Match—Matches the from-zone and source address/address sets to the rule. Except—Enables the exception criteria.
Destination Address	Select the zone exceptions for the to-zone and destination address for each rule. The options available are: Match—Matches the from-zone and destination address/address sets to the rule. Except—Enables the exception criteria.

Add an IDP Policy

Related Documentation