config firewall sniffer

Configure sniffer.

config firewall sniffer

Description: Configure sniffer.

edit <id>

set status [enable|disable]

set logtraffic [all|utm|...]

set ipv6 [enable|disable]

set non-ip [enable|disable]

set interface {string}

set host {string}

set port {string}

set protocol {string}

set vlan {string}

set application-list-status [enable|disable]

set application-list {string}

set ips-sensor-status [enable|disable]

set ips-sensor {string}

set dsri [enable|disable]

set av-profile-status [enable|disable]

set av-profile {string}

set webfilter-profile-status [enable|disable]

set webfilter-profile {string}

set emailfilter-profile-status [enable|disable]

set emailfilter-profile {string}

set dlp-sensor-status [enable|disable]

set dlp-sensor {string}

set ips-dos-status [enable|disable]

config anomaly

Description: Configuration method to edit Denial of Service (DoS) anomaly settings.

edit <name>

set status [disable|enable]

set log [enable|disable]

set action [pass|block|...]

set quarantine [none|attacker]

set quarantine-expiry {user}

set quarantine-log [disable|enable]

set threshold {integer}

set threshold(default) {integer}

next

end

set max-packet-count {integer}

next

end

config firewall sniffer

Parameter name	Description	Type	Size
status	Enable/disable the active status of the sniffer.	option	-
	Option Description enable Enable sniffer status. disable Disable sniffer status.
logtraffic	Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.	option	-
	Option Description all Log all sessions accepted or denied by this policy. utm Log traffic that has a security profile applied to it. disable Disable all logging for this policy.
ipv6	Enable/disable sniffing IPv6 packets.	option	-
	Option Description enable Enable sniffer for IPv6 packets. disable Disable sniffer for IPv6 packets.
non-ip	Enable/disable sniffing non-IP packets.	option	-
	Option Description enable Enable sniffer for non-IP packets. disable Disable sniffer for non-IP packets.
interface	Interface name that traffic sniffing will take place on.	string	Maximum length: 35
host	Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240).	string	Maximum length: 63
port	Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200).	string	Maximum length: 63
protocol	Integer value for the protocol type as defined by IANA (0 - 255).	string	Maximum length: 63
vlan	List of VLANs to sniff.	string	Maximum length: 63
application-list-status	Enable/disable application control profile.	option	-
	Option Description enable Enable setting. disable Disable setting.
application-list	Name of an existing application list.	string	Maximum length: 35
ips-sensor-status	Enable/disable IPS sensor.	option	-
	Option Description enable Enable setting. disable Disable setting.
ips-sensor	Name of an existing IPS sensor.	string	Maximum length: 35
dsri	Enable/disable DSRI.	option	-
	Option Description enable Enable DSRI. disable Disable DSRI.
av-profile-status	Enable/disable antivirus profile.	option	-
	Option Description enable Enable setting. disable Disable setting.
av-profile	Name of an existing antivirus profile.	string	Maximum length: 35
webfilter-profile-status	Enable/disable web filter profile.	option	-
	Option Description enable Enable setting. disable Disable setting.
webfilter-profile	Name of an existing web filter profile.	string	Maximum length: 35
emailfilter-profile-status	Enable/disable emailfilter.	option	-
	Option Description enable Enable setting. disable Disable setting.
emailfilter-profile	Name of an existing email filter profile.	string	Maximum length: 35
dlp-sensor-status	Enable/disable DLP sensor.	option	-
	Option Description enable Enable setting. disable Disable setting.
dlp-sensor	Name of an existing DLP sensor.	string	Maximum length: 35
ips-dos-status	Enable/disable IPS DoS anomaly detection.	option	-
	Option Description enable Enable setting. disable Disable setting.
max-packet-count	Maximum packet count (1 - 1000000, default = 4000).	integer	Minimum value: 1 Maximum value: 1000000

config anomaly

Parameter name	Description	Type	Size
status	Enable/disable this anomaly.	option	-
	Option Description disable Disable this status. enable Enable this status.
log	Enable/disable anomaly logging.	option	-
	Option Description enable Enable anomaly logging. disable Disable anomaly logging.
action	Action taken when the threshold is reached.	option	-
	Option Description pass Allow traffic but record a log message if logging is enabled. block Block traffic if this anomaly is found. proxy Use a proxy to control the traffic flow.
quarantine	Quarantine method.	option	-
	Option Description none Quarantine is disabled. attacker Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
quarantine-expiry	Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker.	user	Not Specified
quarantine-log	Enable/disable quarantine logging.	option	-
	Option Description disable Disable quarantine logging. enable Enable quarantine logging.
threshold	Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.	integer	Minimum value: 1 Maximum value: 2147483647
threshold(default)	Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it.	integer	Minimum value: 0 Maximum value: 4294967295