config ips sensor
Configure IPS sensor.
```
config ips sensor
    Description: Configure IPS sensor.
    edit <name>
        set block-malicious-url [disable|enable]
        set comment {var-string}
        config entries
            Description: IPS sensor filter.
            edit <id>
                set rule <id1>, <id2>, ...
                set location {user}
                set severity {user}
                set protocol {user}
                set os {user}
                set application {user}
                set status [disable|enable|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set log-attack-context [disable|enable]
                set action [pass|block|...]
                set rate-count {integer}
                set rate-duration {integer}
                set rate-mode [periodical|continuous]
                set rate-track [none|src-ip|...]
                config exempt-ip
                    Description: Traffic from selected source or destination IP addresses is exempt from this signature.
                    edit <id>
                        set src-ip {ipv4-classnet}
                        set dst-ip {ipv4-classnet}
                    next
                end
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
            next
        end
        set extended-log [enable|disable]
        config filter
            Description: IPS sensor filter.
            edit <name>
                set location {user}
                set severity {user}
                set protocol {user}
                set os {user}
                set application {user}
                set status [disable|enable|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set action [pass|block|...]
                set quarantine [none|attacker]
                set quarantine-expiry {integer}
                set quarantine-log [disable|enable]
            next
        end
        config override
            Description: IPS override rule.
            edit <rule-id>
                set status [disable|enable]
                set log [disable|enable]
                set log-packet [disable|enable]
                set action [pass|block|...]
                set quarantine [none|attacker]
                set quarantine-expiry {integer}
                set quarantine-log [disable|enable]
                config exempt-ip
                    Description: Exempted IP.
                    edit <id>
                        set src-ip {ipv4-classnet}
                        set dst-ip {ipv4-classnet}
                    next
                end
            next
        end
        set replacemsg-group {string}
        set scan-botnet-connections [disable|block|...]
    next
end
```
config ips sensor
| Parameter | Description | Type | Size |
|---|---|---|---|
| block-malicious-url * | Enable/disable malicious URL blocking. | option | - |
| comment | Comment. | var-string | Maximum length: 255 |
| extended-log | Enable/disable extended logging. | option | - |
| name | Sensor name. | string | Maximum length: 35 |
| replacemsg-group | Replacement message group. | string | Maximum length: 35 |
| scan-botnet-connections | Block or monitor connections to Botnet servers, or disable Botnet scanning. | option | - |

* This parameter may not exist in some models.
config entries
| Parameter | Description | Type | Size |
|---|---|---|---|
| id | Rule ID in IPS database. | integer | Minimum value: 0 Maximum value: 4294967295 |
| rule | Identifies the predefined or custom IPS signatures to add to the sensor. Rule IPS. | integer | Minimum value: 0 Maximum value: 4294967295 |
| location | Protect client or server traffic. | user | Not Specified |
| severity | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | user | Not Specified |
| protocol | Protocols to be examined. `set protocol ?` lists available protocols. `all` includes all protocols. `other` includes all unlisted protocols. | user | Not Specified |
| os | Operating systems to be protected. `all` includes all operating systems. `other` includes all unlisted operating systems. | user | Not Specified |
| application | Applications to be protected. `set application ?` lists available applications. `all` includes all applications. `other` includes all unlisted applications. | user | Not Specified |
| status | Status of the signatures included in filter. `default` enables the filter and only uses filters with a default status of enable. Filters with a default status of disable will not be used. | option | - |
| log | Enable/disable logging of signatures included in filter. | option | - |
| log-packet | Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. | option | - |
| log-attack-context | Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. | option | - |
| action | Action taken with traffic in which signatures are detected. | option | - |
| rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
| rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
| rate-mode | Rate limit mode. | option | - |
| rate-track | Track the packet protocol field. | option | - |
| quarantine | Quarantine method. | option | - |
| quarantine-expiry | Duration of quarantine. Requires quarantine set to attacker. | user | Not Specified |
| quarantine-log | Enable/disable quarantine logging. | option | - |

config exempt-ip
| Parameter | Description | Type | Size |
|---|---|---|---|
| id | Exempt IP ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
| src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
| dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |

config filter
| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Filter name. | string | Maximum length: 31 |
| location | Vulnerability location filter. | user | Not Specified |
| severity | Vulnerability severity filter. | user | Not Specified |
| protocol | Vulnerable protocol filter. | user | Not Specified |
| os | Vulnerable OS filter. | user | Not Specified |
| application | Vulnerable application filter. | user | Not Specified |
| status | Selected rules status. | option | - |
| log | Enable/disable logging of selected rules. | option | - |
| log-packet | Enable/disable packet logging of selected rules. | option | - |
| action | Action of selected rules. | option | - |
| quarantine | Quarantine IP or interface. | option | - |
| quarantine-expiry | Duration of quarantine in minutes. | integer | Minimum value: 1 Maximum value: 2147483647 |
| quarantine-log | Enable/disable logging of selected quarantine. | option | - |

config override
| Parameter | Description | Type | Size |
|---|---|---|---|
| rule-id | Override rule ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
| status | Enable/disable status of override rule. | option | - |
| log | Enable/disable logging. | option | - |
| log-packet | Enable/disable packet logging. | option | - |
| action | Action of override rule. | option | - |
| quarantine | Quarantine IP or interface. | option | - |
| quarantine-expiry | Duration of quarantine in minutes. | integer | Minimum value: 1 Maximum value: 2147483647 |
| quarantine-log | Enable/disable logging of selected quarantine. | option | - |

config exempt-ip
| Parameter | Description | Type | Size |
|---|---|---|---|
| id | Exempt IP ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
| src-ip | Source IP address and netmask. | ipv4-classnet | Not Specified |
| dst-ip | Destination IP address and netmask. | ipv4-classnet | Not Specified |
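
The nested `config` / `edit` / `set` / `next` / `end` structure documented on this page can be parsed and reviewed offline. The following is an added example, not Fortinet code: it walks a sensor configuration and reports `entries`, `filter` or `override` blocks that explicitly set `action pass` or `log disable`, and `exempt-ip` ranges wider than an assumed /8 threshold. The sample configuration, the sensor name `web-servers`, and the function names `parse` and `audit` are constructed for illustration.

```python
import ipaddress
# Constructed sample in the syntax documented on this page (not from a real device).
SAMPLE = """\
config ips sensor
    edit "web-servers"
        config entries
            edit 1
                set action pass
                set log disable
                config exempt-ip
                    edit 1
                        set src-ip 0.0.0.0 0.0.0.0
                    next
                end
            next
        end
    next
end
"""

def parse(text):
    """Map each edit block's path (table, name, sub-table, id, ...) to its `set` values."""
    path, nodes = [], {}
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] in ("config", "edit"):
            path.append(" ".join(words[1:]).strip('"'))
            if words[0] == "edit":
                nodes[tuple(path)] = {}
        elif words[0] in ("next", "end"):
            path.pop()
        elif words[0] == "set":
            nodes.setdefault(tuple(path), {})[words[1]] = " ".join(words[2:])
    return nodes

def audit(text, min_prefix=8):
    """Return (location, finding) pairs; min_prefix is an assumed review threshold."""
    findings = []
    for path, params in parse(text).items():
        where = "/".join(path[1:])
        if path[-2] in ("entries", "filter", "override"):
            for key, weak in (("action", "pass"), ("log", "disable")):
                if params.get(key) == weak:
                    findings.append((where, f"{key} {weak}"))
        elif path[-2] == "exempt-ip":
            for key in (k for k in ("src-ip", "dst-ip") if k in params):
                net = ipaddress.ip_network("/".join(params[key].split()), strict=False)
                if net.prefixlen < min_prefix:
                    findings.append((where, f"{key} {net} exempts a very broad range"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings, all under entry 1 of `web-servers`. Only values set explicitly in the text are checked, so parameters left at their defaults are not reported.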