config ips sensor

Configure IPS sensor.

config ips sensor
    Description: Configure IPS sensor.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        config entries
            Description: IPS sensor filter.
            edit <id>
                config rule
                    Description: Identifies the predefined or custom IPS signatures to add to the sensor.
                    edit <id>
                    next
                end
                set location {user}
                set severity {user}
                set protocol {user}
                set os {user}
                set application {user}
                config tags
                    Description: Assign a custom tag filter to the IPS sensor.
                    edit <name>
                    next
                end
                set status [disable|enable|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set log-attack-context [disable|enable]
                set action [pass|block|...]
                set rate-count {integer}
                set rate-duration {integer}
                set rate-mode [periodical|continuous]
                set rate-track [none|src-ip|...]
                config exempt-ip
                    Description: Traffic from selected source or destination IP addresses is exempt from this signature.
                    edit <id>
                        set src-ip {ipv4-classnet}
                        set dst-ip {ipv4-classnet}
                    next
                end
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
            next
        end
    next
end

config ips sensor

Parameter	Description	Type	Size
comment	Comment.	var-string	Maximum length: 255
replacemsg-group	Replacement message group.	string	Maximum length: 35

config entries

Parameter	Description	Type	Size
location	Protect client or server traffic.	user	Not Specified
severity	Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.	user	Not Specified
protocol	Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols.	user	Not Specified
os	Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems.	user	Not Specified
application	Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications.	user	Not Specified
status	Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used.	option	-
	Option Description disable Disable status of selected rules. enable Enable status of selected rules. default Default.
log	Enable/disable logging of signatures included in filter.	option	-
	Option Description disable Disable logging of selected rules. enable Enable logging of selected rules.
log-packet	Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.	option	-
	Option Description disable Disable packet logging of selected rules. enable Enable packet logging of selected rules.
log-attack-context	Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.	option	-
	Option Description disable Disable logging of detailed attack context. enable Enable logging of detailed attack context.
action	Action taken with traffic in which signatures are detected.	option	-
	Option Description pass Pass or allow matching traffic. block Block or drop matching traffic. reset Reset sessions for matching traffic. default Pass or drop matching traffic, depending on the default action of the signature.
rate-count	Count of the rate.	integer	Minimum value: 0 Maximum value: 65535
rate-duration	Duration (sec) of the rate.	integer	Minimum value: 1 Maximum value: 65535
rate-mode	Rate limit mode.	option	-
	Option Description periodical Allow configured number of packets every rate-duration. continuous Block packets once the rate is reached.
rate-track	Track the packet protocol field.	option	-
	Option Description none none src-ip Source IP. dest-ip Destination IP. dhcp-client-mac DHCP client. dns-domain DNS domain.
quarantine	Quarantine method.	option	-
	Option Description none Quarantine is disabled. attacker Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
quarantine-expiry	Duration of quarantine, from 1 minute to 364 days, 23 hours, and 59 minutes from now. . Requires quarantine set to attacker.	user	Not Specified
quarantine-log	Enable/disable quarantine logging.	option	-
	Option Description disable Disable quarantine logging. enable Enable quarantine logging.

config exempt-ip

Parameter	Description	Type	Size
src-ip	Source IP address and netmask.	ipv4-classnet	Not Specified
dst-ip	Destination IP address and netmask.	ipv4-classnet	Not Specified