config ips sensor

Configure IPS sensor.

config ips sensor

Description: Configure IPS sensor.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set block-malicious-url [disable|enable]

set scan-botnet-connections [disable|block|...]

set extended-log [enable|disable]

config entries

Description: IPS sensor filter.

edit <id>

set rule <id1>, <id2>, ...

set location {user}

set severity {user}

set protocol {user}

set os {user}

set application {user}

set cve <cve-entry1>, <cve-entry2>, ...

set status [disable|enable|...]

set log [disable|enable]

set log-packet [disable|enable]

set log-attack-context [disable|enable]

set action [pass|block|...]

set rate-count {integer}

set rate-duration {integer}

set rate-mode [periodical|continuous]

set rate-track [none|src-ip|...]

config exempt-ip

Description: Traffic from selected source or destination IP addresses is exempt from this signature.

edit <id>

set src-ip {ipv4-classnet}

set dst-ip {ipv4-classnet}

end

set quarantine [none|attacker]

set quarantine-expiry {user}

set quarantine-log [disable|enable]

end

config ips sensor

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

block-malicious-url

Enable/disable malicious URL blocking.

option

disable

Option	Description
disable	Disable malicious URL blocking.
enable	Enable malicious URL blocking.

scan-botnet-connections

Block or monitor connections to Botnet servers, or disable Botnet scanning.

option

disable

Option	Description
disable	Do not scan connections to botnet servers.
block	Block connections to botnet servers.
monitor	Log connections to botnet servers.

extended-log

Enable/disable extended logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config entries

Parameter

Description

Type

Size

Default

rule <id>

Identifies the predefined or custom IPS signatures to add to the sensor.

Rule IPS.

integer

Minimum value: 0 Maximum value: 4294967295

location

Protect client or server traffic.

user

Not Specified

all

severity

Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.

user

Not Specified

all

protocol

Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols.

user

Not Specified

all

Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.

user

Not Specified

all

application

Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications.

user

Not Specified

all

cve <cve-entry>

List of CVE IDs of the signatures to add to the sensor

CVE IDs or CVE wildcards.

string

Maximum length: 19

status

Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used.

option

default

Option	Description
disable	Disable status of selected rules.
enable	Enable status of selected rules.
default	Default.

log

Enable/disable logging of signatures included in filter.

option

enable

Option	Description
disable	Disable logging of selected rules.
enable	Enable logging of selected rules.

log-packet

Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.

option

disable

Option	Description
disable	Disable packet logging of selected rules.
enable	Enable packet logging of selected rules.

log-attack-context

Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.

option

disable

Option	Description
disable	Disable logging of detailed attack context.
enable	Enable logging of detailed attack context.

action

Action taken with traffic in which signatures are detected.

option

default

Option	Description
pass	Pass or allow matching traffic.
block	Block or drop matching traffic.
reset	Reset sessions for matching traffic.
default	Pass or drop matching traffic, depending on the default action of the signature.

rate-count

Count of the rate.

integer

Minimum value: 0 Maximum value: 65535

rate-duration

Duration (sec) of the rate.

integer

Minimum value: 1 Maximum value: 65535

rate-mode

Rate limit mode.

option

continuous

Option	Description
periodical	Allow configured number of packets every rate-duration.
continuous	Block packets once the rate is reached.

rate-track

Track the packet protocol field.

option

none

Option	Description
none	none
src-ip	Source IP.
dest-ip	Destination IP.
dhcp-client-mac	DHCP client.
dns-domain	DNS domain.

quarantine

Quarantine method.

option

none

Option	Description
none	Quarantine is disabled.
attacker	Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

quarantine-expiry

Duration of quarantine. . Requires quarantine set to attacker.

user

Not Specified

quarantine-log

Enable/disable quarantine logging.

option

enable

Option	Description
disable	Disable quarantine logging.
enable	Enable quarantine logging.

config exempt-ip

Parameter	Description	Type	Size	Default
src-ip	Source IP address and netmask.	ipv4-classnet	Not Specified	0.0.0.0 0.0.0.0
dst-ip	Destination IP address and netmask.	ipv4-classnet	Not Specified	0.0.0.0 0.0.0.0

config ips sensor

Configure IPS sensor.

config ips sensor

Description: Configure IPS sensor.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set block-malicious-url [disable|enable]

set scan-botnet-connections [disable|block|...]

set extended-log [enable|disable]

config entries

Description: IPS sensor filter.

edit <id>

set rule <id1>, <id2>, ...

set location {user}

set severity {user}

set protocol {user}

set os {user}

set application {user}

set cve <cve-entry1>, <cve-entry2>, ...

set status [disable|enable|...]

set log [disable|enable]

set log-packet [disable|enable]

set log-attack-context [disable|enable]

set action [pass|block|...]

set rate-count {integer}

set rate-duration {integer}

set rate-mode [periodical|continuous]

set rate-track [none|src-ip|...]

config exempt-ip

Description: Traffic from selected source or destination IP addresses is exempt from this signature.

edit <id>

set src-ip {ipv4-classnet}

set dst-ip {ipv4-classnet}

end

set quarantine [none|attacker]

set quarantine-expiry {user}

set quarantine-log [disable|enable]

end

config ips sensor

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

block-malicious-url

Enable/disable malicious URL blocking.

option

disable

Option	Description
disable	Disable malicious URL blocking.
enable	Enable malicious URL blocking.

scan-botnet-connections

Block or monitor connections to Botnet servers, or disable Botnet scanning.

option

disable

Option	Description
disable	Do not scan connections to botnet servers.
block	Block connections to botnet servers.
monitor	Log connections to botnet servers.

extended-log

Enable/disable extended logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config entries

Parameter

Description

Type

Size

Default

rule <id>

Identifies the predefined or custom IPS signatures to add to the sensor.

Rule IPS.

integer

Minimum value: 0 Maximum value: 4294967295

location

Protect client or server traffic.

user

Not Specified

all

severity

Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.

user

Not Specified

all

protocol

Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols.

user

Not Specified

all

Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.

user

Not Specified

all

application

Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications.

user

Not Specified

all

cve <cve-entry>

List of CVE IDs of the signatures to add to the sensor

CVE IDs or CVE wildcards.

string

Maximum length: 19

status

Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used.

option

default

Option	Description
disable	Disable status of selected rules.
enable	Enable status of selected rules.
default	Default.

log

Enable/disable logging of signatures included in filter.

option

enable

Option	Description
disable	Disable logging of selected rules.
enable	Enable logging of selected rules.

log-packet

Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.

option

disable

Option	Description
disable	Disable packet logging of selected rules.
enable	Enable packet logging of selected rules.

log-attack-context

Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.

option

disable

Option	Description
disable	Disable logging of detailed attack context.
enable	Enable logging of detailed attack context.

action

Action taken with traffic in which signatures are detected.

option

default

Option	Description
pass	Pass or allow matching traffic.
block	Block or drop matching traffic.
reset	Reset sessions for matching traffic.
default	Pass or drop matching traffic, depending on the default action of the signature.

rate-count

Count of the rate.

integer

Minimum value: 0 Maximum value: 65535

rate-duration

Duration (sec) of the rate.

integer

Minimum value: 1 Maximum value: 65535

rate-mode

Rate limit mode.

option

continuous

Option	Description
periodical	Allow configured number of packets every rate-duration.
continuous	Block packets once the rate is reached.

rate-track

Track the packet protocol field.

option

none

Option	Description
none	none
src-ip	Source IP.
dest-ip	Destination IP.
dhcp-client-mac	DHCP client.
dns-domain	DNS domain.

quarantine

Quarantine method.

option

none

Option	Description
none	Quarantine is disabled.
attacker	Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

quarantine-expiry

Duration of quarantine. . Requires quarantine set to attacker.

user

Not Specified

quarantine-log

Enable/disable quarantine logging.

option

enable

Option	Description
disable	Disable quarantine logging.
enable	Enable quarantine logging.

config exempt-ip

Parameter	Description	Type	Size	Default
src-ip	Source IP address and netmask.	ipv4-classnet	Not Specified	0.0.0.0 0.0.0.0
dst-ip	Destination IP address and netmask.	ipv4-classnet	Not Specified	0.0.0.0 0.0.0.0

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config ips sensor

config ips sensor

config ips sensor

config entries

config exempt-ip

config ips sensor

config ips sensor

config ips sensor

config entries

config exempt-ip