config ips sensor
Description: Configure IPS sensor.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set block-malicious-url [disable|enable]
set scan-botnet-connections [disable|block|...]
set extended-log [enable|disable]
config entries
Description: IPS sensor filter.
edit <id>
set rule <id1>, <id2>, ...
set location {user}
set severity {user}
set protocol {user}
set os {user}
set application {user}
set status [disable|enable|...]
set log [disable|enable]
set log-packet [disable|enable]
set log-attack-context [disable|enable]
set action [pass|block|...]
set rate-count {integer}
set rate-duration {integer}
set rate-mode [periodical|continuous]
set rate-track [none|src-ip|...]
config exempt-ip
Description: Traffic from selected source or destination IP addresses is exempt from this signature.
edit <id>
set src-ip {ipv4-classnet}
set dst-ip {ipv4-classnet}
next
end
set quarantine [none|attacker]
set quarantine-expiry {user}
set quarantine-log [disable|enable]
next
end
config filter
Description: IPS sensor filter.
edit <name>
set location {user}
set severity {user}
set protocol {user}
set os {user}
set application {user}
set status [disable|enable|...]
set log [disable|enable]
set log-packet [disable|enable]
set action [pass|block|...]
set quarantine [none|attacker]
set quarantine-expiry {integer}
set quarantine-log [disable|enable]
next
end
config override
Description: IPS override rule.
edit <rule-id>
set status [disable|enable]
set log [disable|enable]
set log-packet [disable|enable]
set action [pass|block|...]
set quarantine [none|attacker]
set quarantine-expiry {integer}
set quarantine-log [disable|enable]
config exempt-ip
Description: Exempted IP.
edit <id>
set src-ip {ipv4-classnet}
set dst-ip {ipv4-classnet}
next
end
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
block-malicious-url | Enable/disable malicious URL blocking. disable: Disable malicious URL blocking. enable: Enable malicious URL blocking. |
option | - |
scan-botnet-connections | Block or monitor connections to Botnet servers, or disable Botnet scanning. disable: Do not scan connections to botnet servers. block: Block connections to botnet servers. monitor: Log connections to botnet servers. |
option | - |
extended-log | Enable/disable extended logging. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
rule <id> |
Identifies the predefined or custom IPS signatures to add to the sensor. Rule IPS. |
integer | Minimum value: 0 Maximum value: 4294967295 |
location | Protect client or server traffic. | user | Not Specified |
severity | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | user | Not Specified |
protocol | Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. | user | Not Specified |
os | Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. | user | Not Specified |
application | Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. | user | Not Specified |
status | Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. disable: Disable status of selected rules. enable: Enable status of selected rules. default: Default. |
option | - |
log | Enable/disable logging of signatures included in filter. disable: Disable logging of selected rules. enable: Enable logging of selected rules. |
option | - |
log-packet | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. disable: Disable packet logging of selected rules. enable: Enable packet logging of selected rules. |
option | - |
log-attack-context | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. disable: Disable logging of detailed attack context. enable: Enable logging of detailed attack context. |
option | - |
action | Action taken with traffic in which signatures are detected. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. default: Pass or drop matching traffic, depending on the default action of the signature. |
option | - |
rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
rate-mode | Rate limit mode. periodical: Allow configured number of packets every rate-duration. continuous: Block packets once the rate is reached. |
option | - |
rate-track | Track the packet protocol field. none: none src-ip: Source IP. dest-ip: Destination IP. dhcp-client-mac: DHCP client. dns-domain: DNS domain. |
option | - |
quarantine | Quarantine method. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
quarantine-log | Enable/disable quarantine logging. disable: Disable quarantine logging. enable: Enable quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
location | Vulnerability location filter. | user | Not Specified |
severity | Vulnerability severity filter. | user | Not Specified |
protocol | Vulnerable protocol filter. | user | Not Specified |
os | Vulnerable OS filter. | user | Not Specified |
application | Vulnerable application filter. | user | Not Specified |
status | Selected rules status. disable: Disable status of selected rules. enable: Enable status of selected rules. default: Default. |
option | - |
log | Enable/disable logging of selected rules. disable: Disable logging of selected rules. enable: Enable logging of selected rules. |
option | - |
log-packet | Enable/disable packet logging of selected rules. disable: Disable packet logging of selected rules. enable: Enable packet logging of selected rules. |
option | - |
action | Action of selected rules. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. default: Pass or drop matching traffic, depending on the default action of the signature. |
option | - |
quarantine | Quarantine IP or interface. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine in minute. | integer | Minimum value: 1 Maximum value: 2147483647 |
quarantine-log | Enable/disable logging of selected quarantine. disable: Disable logging of selected quarantine. enable: Enable logging of selected quarantine. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable status of override rule. disable: Disable status of override rule. enable: Enable status of override rule. |
option | - |
log | Enable/disable logging. disable: Disable logging. enable: Enable logging. |
option | - |
log-packet | Enable/disable packet logging. disable: Disable packet logging. enable: Enable packet logging. |
option | - |
action | Action of override rule. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. |
option | - |
quarantine | Quarantine IP or interface. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine in minute. | integer | Minimum value: 1 Maximum value: 2147483647 |
quarantine-log | Enable/disable logging of selected quarantine. disable: Disable logging of selected quarantine. enable: Enable logging of selected quarantine. |
option | - |
config ips sensor
Description: Configure IPS sensor.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set block-malicious-url [disable|enable]
set scan-botnet-connections [disable|block|...]
set extended-log [enable|disable]
config entries
Description: IPS sensor filter.
edit <id>
set rule <id1>, <id2>, ...
set location {user}
set severity {user}
set protocol {user}
set os {user}
set application {user}
set status [disable|enable|...]
set log [disable|enable]
set log-packet [disable|enable]
set log-attack-context [disable|enable]
set action [pass|block|...]
set rate-count {integer}
set rate-duration {integer}
set rate-mode [periodical|continuous]
set rate-track [none|src-ip|...]
config exempt-ip
Description: Traffic from selected source or destination IP addresses is exempt from this signature.
edit <id>
set src-ip {ipv4-classnet}
set dst-ip {ipv4-classnet}
next
end
set quarantine [none|attacker]
set quarantine-expiry {user}
set quarantine-log [disable|enable]
next
end
config filter
Description: IPS sensor filter.
edit <name>
set location {user}
set severity {user}
set protocol {user}
set os {user}
set application {user}
set status [disable|enable|...]
set log [disable|enable]
set log-packet [disable|enable]
set action [pass|block|...]
set quarantine [none|attacker]
set quarantine-expiry {integer}
set quarantine-log [disable|enable]
next
end
config override
Description: IPS override rule.
edit <rule-id>
set status [disable|enable]
set log [disable|enable]
set log-packet [disable|enable]
set action [pass|block|...]
set quarantine [none|attacker]
set quarantine-expiry {integer}
set quarantine-log [disable|enable]
config exempt-ip
Description: Exempted IP.
edit <id>
set src-ip {ipv4-classnet}
set dst-ip {ipv4-classnet}
next
end
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
block-malicious-url | Enable/disable malicious URL blocking. disable: Disable malicious URL blocking. enable: Enable malicious URL blocking. |
option | - |
scan-botnet-connections | Block or monitor connections to Botnet servers, or disable Botnet scanning. disable: Do not scan connections to botnet servers. block: Block connections to botnet servers. monitor: Log connections to botnet servers. |
option | - |
extended-log | Enable/disable extended logging. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
rule <id> |
Identifies the predefined or custom IPS signatures to add to the sensor. Rule IPS. |
integer | Minimum value: 0 Maximum value: 4294967295 |
location | Protect client or server traffic. | user | Not Specified |
severity | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | user | Not Specified |
protocol | Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. | user | Not Specified |
os | Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. | user | Not Specified |
application | Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. | user | Not Specified |
status | Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. disable: Disable status of selected rules. enable: Enable status of selected rules. default: Default. |
option | - |
log | Enable/disable logging of signatures included in filter. disable: Disable logging of selected rules. enable: Enable logging of selected rules. |
option | - |
log-packet | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. disable: Disable packet logging of selected rules. enable: Enable packet logging of selected rules. |
option | - |
log-attack-context | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. disable: Disable logging of detailed attack context. enable: Enable logging of detailed attack context. |
option | - |
action | Action taken with traffic in which signatures are detected. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. default: Pass or drop matching traffic, depending on the default action of the signature. |
option | - |
rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
rate-mode | Rate limit mode. periodical: Allow configured number of packets every rate-duration. continuous: Block packets once the rate is reached. |
option | - |
rate-track | Track the packet protocol field. none: none src-ip: Source IP. dest-ip: Destination IP. dhcp-client-mac: DHCP client. dns-domain: DNS domain. |
option | - |
quarantine | Quarantine method. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
quarantine-log | Enable/disable quarantine logging. disable: Disable quarantine logging. enable: Enable quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
Parameter Name | Description | Type | Size |
---|---|---|---|
location | Vulnerability location filter. | user | Not Specified |
severity | Vulnerability severity filter. | user | Not Specified |
protocol | Vulnerable protocol filter. | user | Not Specified |
os | Vulnerable OS filter. | user | Not Specified |
application | Vulnerable application filter. | user | Not Specified |
status | Selected rules status. disable: Disable status of selected rules. enable: Enable status of selected rules. default: Default. |
option | - |
log | Enable/disable logging of selected rules. disable: Disable logging of selected rules. enable: Enable logging of selected rules. |
option | - |
log-packet | Enable/disable packet logging of selected rules. disable: Disable packet logging of selected rules. enable: Enable packet logging of selected rules. |
option | - |
action | Action of selected rules. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. default: Pass or drop matching traffic, depending on the default action of the signature. |
option | - |
quarantine | Quarantine IP or interface. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine in minute. | integer | Minimum value: 1 Maximum value: 2147483647 |
quarantine-log | Enable/disable logging of selected quarantine. disable: Disable logging of selected quarantine. enable: Enable logging of selected quarantine. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable status of override rule. disable: Disable status of override rule. enable: Enable status of override rule. |
option | - |
log | Enable/disable logging. disable: Disable logging. enable: Enable logging. |
option | - |
log-packet | Enable/disable packet logging. disable: Disable packet logging. enable: Enable packet logging. |
option | - |
action | Action of override rule. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. |
option | - |
quarantine | Quarantine IP or interface. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine in minute. | integer | Minimum value: 1 Maximum value: 2147483647 |
quarantine-log | Enable/disable logging of selected quarantine. disable: Disable logging of selected quarantine. enable: Enable logging of selected quarantine. |
option | - |