config ips sensor

Configure IPS sensor.

```
config ips sensor
    Description: Configure IPS sensor.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set block-malicious-url [disable|enable]
        set scan-botnet-connections [disable|block|...]
        set extended-log [enable|disable]
        config entries
            Description: IPS sensor filter.
            edit <id>
                set rule <id1>, <id2>, ...
                set location {user}
                set severity {user}
                set protocol {user}
                set os {user}
                set application {user}
                set status [disable|enable|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set log-attack-context [disable|enable]
                set action [pass|block|...]
                set rate-count {integer}
                set rate-duration {integer}
                set rate-mode [periodical|continuous]
                set rate-track [none|src-ip|...]
                config exempt-ip
                    Description: Traffic from selected source or destination IP addresses is exempt from this signature.
                    edit <id>
                        set src-ip {ipv4-classnet}
                        set dst-ip {ipv4-classnet}
                    next
                end
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
            next
        end
        config filter
            Description: IPS sensor filter.
            edit <name>
                set location {user}
                set severity {user}
                set protocol {user}
                set os {user}
                set application {user}
                set status [disable|enable|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set action [pass|block|...]
                set quarantine [none|attacker]
                set quarantine-expiry {integer}
                set quarantine-log [disable|enable]
            next
        end
        config override
            Description: IPS override rule.
            edit <rule-id>
                set status [disable|enable]
                set log [disable|enable]
                set log-packet [disable|enable]
                set action [pass|block|...]
                set quarantine [none|attacker]
                set quarantine-expiry {integer}
                set quarantine-log [disable|enable]
                config exempt-ip
                    Description: Exempted IP.
                    edit <id>
                        set src-ip {ipv4-classnet}
                        set dst-ip {ipv4-classnet}
                    next
                end
            next
        end
    next
end
```
config ips sensor

| Parameter name | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |
| replacemsg-group | Replacement message group. | string | Maximum length: 35 |
| block-malicious-url | Enable/disable malicious URL blocking. | option | - |
| scan-botnet-connections | Block or monitor connections to Botnet servers, or disable Botnet scanning. | option | - |
| extended-log | Enable/disable extended logging. | option | - |
config entries

| Parameter name | Description | Type | Size |
|---|---|---|---|
| rule | Identifies the predefined or custom IPS signatures to add to the sensor. | integer | Minimum value: 0 Maximum value: 4294967295 |
| location | Protect client or server traffic. | user | Not Specified |
| severity | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | user | Not Specified |
| protocol | Protocols to be examined. `set protocol ?` lists the available protocols. `all` includes all protocols; `other` includes all unlisted protocols. | user | Not Specified |
| os | Operating systems to be protected. `all` includes all operating systems; `other` includes all unlisted operating systems. | user | Not Specified |
| application | Applications to be protected. `set application ?` lists the available applications. `all` includes all applications; `other` includes all unlisted applications. | user | Not Specified |
| status | Status of the signatures included in the filter. `default` enables the filter and uses only signatures whose default status is enable; signatures whose default status is disable are not used. | option | - |
| log | Enable/disable logging of signatures included in the filter. | option | - |
| log-packet | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. | option | - |
| log-attack-context | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. | option | - |
| action | Action taken with traffic in which signatures are detected. | option | - |
| rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
| rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
| rate-mode | Rate limit mode. | option | - |
| rate-track | Track the packet protocol field. | option | - |
| quarantine | Quarantine method. | option | - |
| quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
| quarantine-log | Enable/disable quarantine logging. | option | - |
config exempt-ip

| Parameter name | Description | Type | Size |
|---|---|---|---|
| src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
| dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
config filter

| Parameter name | Description | Type | Size |
|---|---|---|---|
| location | Vulnerability location filter. | user | Not Specified |
| severity | Vulnerability severity filter. | user | Not Specified |
| protocol | Vulnerable protocol filter. | user | Not Specified |
| os | Vulnerable OS filter. | user | Not Specified |
| application | Vulnerable application filter. | user | Not Specified |
| status | Selected rules status. | option | - |
| log | Enable/disable logging of selected rules. | option | - |
| log-packet | Enable/disable packet logging of selected rules. | option | - |
| action | Action of selected rules. | option | - |
| quarantine | Quarantine IP or interface. | option | - |
| quarantine-expiry | Duration of quarantine in minutes. | integer | Minimum value: 1 Maximum value: 2147483647 |
| quarantine-log | Enable/disable logging of selected quarantine. | option | - |
config override

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable status of override rule. | option | - |
| log | Enable/disable logging. | option | - |
| log-packet | Enable/disable packet logging. | option | - |
| action | Action of override rule. | option | - |
| quarantine | Quarantine IP or interface. | option | - |
| quarantine-expiry | Duration of quarantine in minutes. | integer | Minimum value: 1 Maximum value: 2147483647 |
| quarantine-log | Enable/disable logging of selected quarantine. | option | - |
config exempt-ip

| Parameter name | Description | Type | Size |
|---|---|---|---|
| src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
| dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
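A complete sensor built from the syntax tree and parameter tables above, as an added example that is constructed here and is not part of the Fortinet reference this page reproduces. It assumes a FortiOS release that accepts exactly the keywords listed on this page; the sensor name, comment, rate thresholds, the 192.0.2.0/24 exemption (an RFC 5737 test range) and the `<signature-id>` placeholder in the override are all assumptions, and the placeholder must be replaced with a real numeric signature ID from the unit's signature database before the block will load.

```fortios
# Constructed example (not from the Fortinet reference above): an IPS sensor
# for inbound traffic to published servers. Names, thresholds and addresses
# are assumptions chosen for illustration.
config ips sensor
    edit "srv-protect-example"
        set comment "Block critical server-side signatures, quarantine repeat offenders"
        set block-malicious-url enable
        set scan-botnet-connections block
        set extended-log enable
        config entries
            # Entry 1 selects signatures by filter instead of by rule ID:
            # every critical-severity, server-side signature, any
            # protocol, OS and application.
            edit 1
                set location server
                set severity critical
                set protocol all
                set os all
                set application all
                set status enable
                set log enable
                set log-packet enable
                set log-attack-context enable
                set action block
                # Rate-based trigger: the action applies once a single source
                # has produced 10 matches within 60 seconds (per-source count).
                set rate-count 10
                set rate-duration 60
                set rate-mode periodical
                set rate-track src-ip
                # Traffic from the (constructed) vulnerability-scanner subnet
                # is exempt from this entry; 0.0.0.0/0 = any destination.
                config exempt-ip
                    edit 1
                        set src-ip 192.0.2.0 255.255.255.0
                        set dst-ip 0.0.0.0 0.0.0.0
                    next
                end
                # In entries, quarantine-expiry is the ###d##h##m string
                # documented in the table (here 30 minutes).
                set quarantine attacker
                set quarantine-expiry 30m
                set quarantine-log enable
            next
        end
        config override
            # <signature-id> is a placeholder: substitute the numeric ID of
            # the one signature whose handling should differ from entry 1.
            edit <signature-id>
                set status enable
                set log enable
                set log-packet enable
                set action block
                set quarantine attacker
                # In override (and filter), quarantine-expiry is a plain
                # integer number of minutes, not the ###d##h##m format.
                set quarantine-expiry 60
                set quarantine-log enable
            next
        end
    next
end
```

Two points from the tables are worth checking before deploying a sensor like this. First, `quarantine-expiry` has a different type in each scope: `entries` takes the `###d##h##m` string (minimum 1m, default 5m), while `filter` and `override` take an integer number of minutes, so copying a value between scopes silently fails to load. Second, `log-packet enable` stores the triggering packet for download as pcap, which is what makes a block or quarantine event reviewable afterwards; pair it with `log-attack-context` when the URL, header and body buffers are needed to confirm that a rate-based match was not a false positive before the quarantine expires.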