Create Exempt Rule

You can create intrusion prevention system (IPS) exempt rules only for customized IPS profiles.

To create an exempt rule:

Select Secure Edge > Security Subscriptions > IPS.

The IPS Policy page opens.
Click the Exempt Rules tab.
Click the add (+) icon.

The parameters for an exempt rule are displayed inline at the top of the page.
Complete the configuration according to the guidelines in Table 1.

Click the check mark (✓) to save your changes.

The changes are saved and a confirmation message is displayed at the top of the page.

You can use the IPS profile in a firewall policy intent. When you deploy the firewall policy on the device, the IPS and exempt rules associated with the profile are also deployed.

Table 1: Create Exempt Rule Settings
Setting	Guideline
Name	Juniper Secure Edge generates a unique rule name by default. You can modify the name. The name must begin with an alphanumeric character and can contain maximum 63 characters, which includes alphanumeric characters and some special characters, such as colons, hyphens, forward slashes, periods, and underscores.
Description	Enter a description containing maximum 1024 characters for the rule.
IPS Signatures	Add one or more IPS signatures and IPS signature static and dynamic groups to be associated with the rule: Click inside the text box with the + icon. A list of IPS signatures and IPS signature static and dynamic groups opens. (Optional) Click the add (+) icon to add signatures. The Add IPS Signatures popup window opens. (Optional) Enter a search term and press Enter to filter the list of items displayed. Click a list item to add it to the IPS signatures and IPS signature static or dynamic groups associated with the rule. (Optional) Repeat the preceding step to add more signatures, static groups, and dynamic groups.