config firewall sniffer
Configure sniffer.
config firewall sniffer Description: Configure sniffer. edit <id> config anomaly Description: Configuration method to edit Denial of Service (DoS) anomaly settings. edit <name> set status [disable|enable] set log [enable|disable] set action [pass|block] set quarantine [none|attacker] set quarantine-expiry {user} set quarantine-log [disable|enable] set threshold {integer} set threshold(default) {integer} next end set application-list {string} set application-list-status [enable|disable] set av-profile {string} set av-profile-status [enable|disable] set dlp-sensor {string} set dlp-sensor-status [enable|disable] set dsri [enable|disable] set emailfilter-profile {string} set emailfilter-profile-status [enable|disable] set host {string} set interface {string} set ips-dos-status [enable|disable] set ips-sensor {string} set ips-sensor-status [enable|disable] set ipv6 [enable|disable] set logtraffic [all|utm|...] set max-packet-count {integer} set non-ip [enable|disable] set port {string} set protocol {string} set status [enable|disable] set vlan {string} set webfilter-profile {string} set webfilter-profile-status [enable|disable] next end
config firewall sniffer
Parameter |
Description |
Type |
Size |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
application-list |
Name of an existing application list. |
string |
Maximum length: 35 |
|||||||||
application-list-status |
Enable/disable application control profile. |
option |
- |
|||||||||
|
|
|||||||||||
av-profile |
Name of an existing antivirus profile. |
string |
Maximum length: 35 |
|||||||||
av-profile-status |
Enable/disable antivirus profile. |
option |
- |
|||||||||
|
|
|||||||||||
dlp-sensor |
Name of an existing DLP sensor. |
string |
Maximum length: 35 |
|||||||||
dlp-sensor-status |
Enable/disable DLP sensor. |
option |
- |
|||||||||
|
|
|||||||||||
dsri |
Enable/disable DSRI. |
option |
- |
|||||||||
|
|
|||||||||||
emailfilter-profile |
Name of an existing email filter profile. |
string |
Maximum length: 35 |
|||||||||
emailfilter-profile-status |
Enable/disable emailfilter. |
option |
- |
|||||||||
|
|
|||||||||||
host |
Hosts to filter for in sniffer traffic. |
string |
Maximum length: 63 |
|||||||||
id |
Sniffer ID. |
integer |
Minimum value: 0 Maximum value: 9999 |
|||||||||
interface |
Interface name that traffic sniffing will take place on. |
string |
Maximum length: 35 |
|||||||||
ips-dos-status |
Enable/disable IPS DoS anomaly detection. |
option |
- |
|||||||||
|
|
|||||||||||
ips-sensor |
Name of an existing IPS sensor. |
string |
Maximum length: 35 |
|||||||||
ips-sensor-status |
Enable/disable IPS sensor. |
option |
- |
|||||||||
|
|
|||||||||||
ipv6 |
Enable/disable sniffing IPv6 packets. |
option |
- |
|||||||||
|
|
|||||||||||
logtraffic |
Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. |
option |
- |
|||||||||
|
|
|||||||||||
max-packet-count |
Maximum packet count. |
integer |
Minimum value: 1 Maximum value: 1000000 ** |
|||||||||
non-ip |
Enable/disable sniffing non-IP packets. |
option |
- |
|||||||||
|
|
|||||||||||
port |
Ports to sniff. |
string |
Maximum length: 63 |
|||||||||
protocol |
Integer value for the protocol type as defined by IANA. |
string |
Maximum length: 63 |
|||||||||
status |
Enable/disable the active status of the sniffer. |
option |
- |
|||||||||
|
|
|||||||||||
vlan |
List of VLANs to sniff. |
string |
Maximum length: 63 |
|||||||||
webfilter-profile |
Name of an existing web filter profile. |
string |
Maximum length: 35 |
|||||||||
webfilter-profile-status |
Enable/disable web filter profile. |
option |
- |
|||||||||
|
|
** Values may differ between models.
config anomaly
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
name |
Anomaly name. |
string |
Maximum length: 63 |
|||||||
status |
Enable/disable this anomaly. |
option |
- |
|||||||
|
|
|||||||||
log |
Enable/disable anomaly logging. |
option |
- |
|||||||
|
|
|||||||||
action |
Action taken when the threshold is reached. |
option |
- |
|||||||
|
|
|||||||||
quarantine |
Quarantine method. |
option |
- |
|||||||
|
|
|||||||||
quarantine-expiry |
Duration of quarantine.. Requires quarantine set to attacker. |
user |
Not Specified |
|||||||
quarantine-log |
Enable/disable quarantine logging. |
option |
- |
|||||||
|
|
|||||||||
threshold |
Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. |
integer |
Minimum value: 1 Maximum value: 2147483647 |
|||||||
threshold(default) |
Number of detected instances per minute which triggers action. Note that each anomaly has a different threshold value assigned to it. |
integer |
Minimum value: 0 Maximum value: 4294967295 |