config firewall sniffer
Configure sniffer.
config firewall sniffer Description: Configure sniffer. edit <id> config anomaly Description: Configuration method to edit Denial of Service (DoS) anomaly settings. edit <name> set status [disable|enable] set log [enable|disable] set action [pass|block] set quarantine [none|attacker] set quarantine-expiry {user} set quarantine-log [disable|enable] set threshold {integer} set threshold(default) {integer} next end set application-list {string} set application-list-status [enable|disable] set av-profile {string} set av-profile-status [enable|disable] set dlp-profile {string} set dlp-profile-status [enable|disable] set dsri [enable|disable] set emailfilter-profile {string} set emailfilter-profile-status [enable|disable] set file-filter-profile {string} set file-filter-profile-status [enable|disable] set host {string} set interface {string} set ip-threatfeed <name1>, <name2>, ... set ip-threatfeed-status [enable|disable] set ips-dos-status [enable|disable] set ips-sensor {string} set ips-sensor-status [enable|disable] set ipv6 [enable|disable] set logtraffic [all|utm|...] set non-ip [enable|disable] set port {string} set protocol {string} set status [enable|disable] set vlan {string} set webfilter-profile {string} set webfilter-profile-status [enable|disable] next end
config firewall sniffer
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
application-list |
Name of an existing application list. |
string |
Maximum length: 35 |
|
||||||||
application-list-status |
Enable/disable application control profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
av-profile |
Name of an existing antivirus profile. |
string |
Maximum length: 35 |
|
||||||||
av-profile-status |
Enable/disable antivirus profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
dlp-profile |
Name of an existing DLP profile. |
string |
Maximum length: 35 |
|
||||||||
dlp-profile-status |
Enable/disable DLP profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
dsri |
Enable/disable DSRI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
emailfilter-profile |
Name of an existing email filter profile. |
string |
Maximum length: 35 |
|
||||||||
emailfilter-profile-status |
Enable/disable emailfilter. |
option |
- |
disable |
||||||||
|
|
|||||||||||
file-filter-profile |
Name of an existing file-filter profile. |
string |
Maximum length: 35 |
|
||||||||
file-filter-profile-status |
Enable/disable file filter. |
option |
- |
disable |
||||||||
|
|
|||||||||||
host |
Hosts to filter for in sniffer traffic. |
string |
Maximum length: 63 |
|
||||||||
id |
Sniffer ID. |
integer |
Minimum value: 0 Maximum value: 9999 |
0 |
||||||||
interface |
Interface name that traffic sniffing will take place on. |
string |
Maximum length: 35 |
|
||||||||
ip-threatfeed |
Name of an existing IP threat feed. Threat feed name. |
string |
Maximum length: 79 |
|
||||||||
ip-threatfeed-status |
Enable/disable IP threat feed. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ips-dos-status |
Enable/disable IPS DoS anomaly detection. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ips-sensor |
Name of an existing IPS sensor. |
string |
Maximum length: 35 |
|
||||||||
ips-sensor-status |
Enable/disable IPS sensor. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ipv6 |
Enable/disable sniffing IPv6 packets. |
option |
- |
disable |
||||||||
|
|
|||||||||||
logtraffic |
Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. |
option |
- |
utm |
||||||||
|
|
|||||||||||
non-ip |
Enable/disable sniffing non-IP packets. |
option |
- |
disable |
||||||||
|
|
|||||||||||
port |
Ports to sniff. |
string |
Maximum length: 63 |
|
||||||||
protocol |
Integer value for the protocol type as defined by IANA. |
string |
Maximum length: 63 |
|
||||||||
status |
Enable/disable the active status of the sniffer. |
option |
- |
enable |
||||||||
|
|
|||||||||||
vlan |
List of VLANs to sniff. |
string |
Maximum length: 63 |
|
||||||||
webfilter-profile |
Name of an existing web filter profile. |
string |
Maximum length: 35 |
|
||||||||
webfilter-profile-status |
Enable/disable web filter profile. |
option |
- |
disable |
||||||||
|
|
config anomaly
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
name |
Anomaly name. |
string |
Maximum length: 63 |
|
||||||
status |
Enable/disable this anomaly. |
option |
- |
disable |
||||||
|
|
|||||||||
log |
Enable/disable anomaly logging. |
option |
- |
disable |
||||||
|
|
|||||||||
action |
Action taken when the threshold is reached. |
option |
- |
pass |
||||||
|
|
|||||||||
quarantine |
Quarantine method. |
option |
- |
none |
||||||
|
|
|||||||||
quarantine-expiry |
Duration of quarantine.. Requires quarantine set to attacker. |
user |
Not Specified |
5m |
||||||
quarantine-log |
Enable/disable quarantine logging. |
option |
- |
enable |
||||||
|
|
|||||||||
threshold |
Anomaly threshold. Number of detected instances (packets per second or concurrent session number) that triggers the anomaly action. |
integer |
Minimum value: 1 Maximum value: 2147483647 |
0 |
||||||
threshold(default) |
Number of detected instances. Note that each anomaly has a different threshold value assigned to it. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |