config firewall sniffer
Configure sniffer.
config firewall sniffer
Description: Configure sniffer.
edit <id>
set status [enable|disable]
set logtraffic [all|utm|...]
set ipv6 [enable|disable]
set non-ip [enable|disable]
set interface {string}
set host {string}
set port {string}
set protocol {string}
set vlan {string}
set application-list-status [enable|disable]
set application-list {string}
set ips-sensor-status [enable|disable]
set ips-sensor {string}
set dsri [enable|disable]
set av-profile-status [enable|disable]
set av-profile {string}
set webfilter-profile-status [enable|disable]
set webfilter-profile {string}
set emailfilter-profile-status [enable|disable]
set emailfilter-profile {string}
set dlp-sensor-status [enable|disable]
set dlp-sensor {string}
set ip-threatfeed-status [enable|disable]
set ip-threatfeed <name1>, <name2>, ...
set file-filter-profile-status [enable|disable]
set file-filter-profile {string}
set ips-dos-status [enable|disable]
config anomaly
Description: Configuration method to edit Denial of Service (DoS) anomaly settings.
edit <name>
set status [disable|enable]
set log [enable|disable]
set action [pass|block]
set quarantine [none|attacker]
set quarantine-expiry {user}
set quarantine-log [disable|enable]
set threshold {integer}
set threshold(default) {integer}
next
end
set max-packet-count {integer}
next
end
config firewall sniffer
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the active status of the sniffer. |
option |
- |
enable |
||||||||
|
|
|||||||||||
logtraffic |
Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. |
option |
- |
utm |
||||||||
|
|
|||||||||||
ipv6 |
Enable/disable sniffing IPv6 packets. |
option |
- |
disable |
||||||||
|
|
|||||||||||
non-ip |
Enable/disable sniffing non-IP packets. |
option |
- |
disable |
||||||||
|
|
|||||||||||
interface |
Interface name that traffic sniffing will take place on. |
string |
Not Specified |
|
||||||||
host |
Hosts to filter for in sniffer traffic . |
string |
Not Specified |
|
||||||||
port |
Ports to sniff . |
string |
Not Specified |
|
||||||||
protocol |
Integer value for the protocol type as defined by IANA . |
string |
Not Specified |
|
||||||||
vlan |
List of VLANs to sniff. |
string |
Not Specified |
|
||||||||
application-list-status |
Enable/disable application control profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
application-list |
Name of an existing application list. |
string |
Not Specified |
|
||||||||
ips-sensor-status |
Enable/disable IPS sensor. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ips-sensor |
Name of an existing IPS sensor. |
string |
Not Specified |
|
||||||||
dsri |
Enable/disable DSRI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
av-profile-status |
Enable/disable antivirus profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
av-profile |
Name of an existing antivirus profile. |
string |
Not Specified |
|
||||||||
webfilter-profile-status |
Enable/disable web filter profile. |
option |
- |
disable |
||||||||
|
|
|||||||||||
webfilter-profile |
Name of an existing web filter profile. |
string |
Not Specified |
|
||||||||
emailfilter-profile-status |
Enable/disable emailfilter. |
option |
- |
disable |
||||||||
|
|
|||||||||||
emailfilter-profile |
Name of an existing email filter profile. |
string |
Not Specified |
|
||||||||
dlp-sensor-status |
Enable/disable DLP sensor. |
option |
- |
disable |
||||||||
|
|
|||||||||||
dlp-sensor |
Name of an existing DLP sensor. |
string |
Not Specified |
|
||||||||
ip-threatfeed-status |
Enable/disable IP threat feed. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ip-threatfeed |
Name of an existing IP threat feed. Threat feed name. |
string |
Maximum length: 79 |
|
||||||||
file-filter-profile-status |
Enable/disable file filter. |
option |
- |
disable |
||||||||
|
|
|||||||||||
file-filter-profile |
Name of an existing file-filter profile. |
string |
Not Specified |
|
||||||||
ips-dos-status |
Enable/disable IPS DoS anomaly detection. |
option |
- |
disable |
||||||||
|
|
|||||||||||
max-packet-count |
Maximum packet count . |
integer |
Minimum value: 1 Maximum value: 10000 ** |
4000 |
** Values may differ between models.
config anomaly
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable this anomaly. |
option |
- |
disable |
||||||
|
|
|||||||||
log |
Enable/disable anomaly logging. |
option |
- |
disable |
||||||
|
|
|||||||||
action |
Action taken when the threshold is reached. |
option |
- |
pass |
||||||
|
|
|||||||||
quarantine |
Quarantine method. |
option |
- |
none |
||||||
|
|
|||||||||
quarantine-expiry |
Duration of quarantine. . Requires quarantine set to attacker. |
user |
Not Specified |
5m |
||||||
quarantine-log |
Enable/disable quarantine logging. |
option |
- |
enable |
||||||
|
|
|||||||||
threshold |
Anomaly threshold. Number of detected instances (packets per second or concurrent session number) that triggers the anomaly action. |
integer |
Minimum value: 1 Maximum value: 2147483647 |
0 |
||||||
threshold(default) |
Number of detected instances . Note that each anomaly has a different threshold value assigned to it. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |