config firewall sniffer
Configure sniffer.
```
config firewall sniffer
    Description: Configure sniffer.
    edit <id>
        config anomaly
            Description: Configuration method to edit Denial of Service (DoS) anomaly settings.
            edit <name>
                set name {string}
                set status [disable|enable]
                set log [enable|disable]
                set action [pass|block]
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
                set threshold {integer}
                set threshold(default) {integer}
            next
        end
        set application-list {string}
        set application-list-status [enable|disable]
        set av-profile {string}
        set av-profile-status [enable|disable]
        set dlp-sensor {string}
        set dlp-sensor-status [enable|disable]
        set dsri [enable|disable]
        set emailfilter-profile {string}
        set emailfilter-profile-status [enable|disable]
        set file-filter-profile {string}
        set file-filter-profile-status [enable|disable]
        set host {string}
        set id {integer}
        set interface {string}
        set ip-threatfeed <name1>, <name2>, ...
        set ip-threatfeed-status [enable|disable]
        set ips-dos-status [enable|disable]
        set ips-sensor {string}
        set ips-sensor-status [enable|disable]
        set ipv6 [enable|disable]
        set logtraffic [all|utm|...]
        set max-packet-count {integer}
        set non-ip [enable|disable]
        set port {string}
        set protocol {string}
        set status [enable|disable]
        set vlan {string}
        set webfilter-profile {string}
        set webfilter-profile-status [enable|disable]
    next
end
```

config firewall sniffer
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| application-list | Name of an existing application list. | string | Not Specified | |
| application-list-status | Enable/disable application control profile. | option | - | disable |
| av-profile | Name of an existing antivirus profile. | string | Not Specified | |
| av-profile-status | Enable/disable antivirus profile. | option | - | disable |
| dlp-sensor | Name of an existing DLP sensor. | string | Not Specified | |
| dlp-sensor-status | Enable/disable DLP sensor. | option | - | disable |
| dsri | Enable/disable DSRI. | option | - | disable |
| emailfilter-profile | Name of an existing email filter profile. | string | Not Specified | |
| emailfilter-profile-status | Enable/disable emailfilter. | option | - | disable |
| file-filter-profile | Name of an existing file-filter profile. | string | Not Specified | |
| file-filter-profile-status | Enable/disable file filter. | option | - | disable |
| host | Hosts to filter for in sniffer traffic. | string | Not Specified | |
| id | Sniffer ID. | integer | Minimum value: 0 Maximum value: 9999 | 0 |
| interface | Interface name that traffic sniffing will take place on. | string | Not Specified | |
| ip-threatfeed | Name of an existing IP threat feed. Threat feed name. | string | Maximum length: 79 | |
| ip-threatfeed-status | Enable/disable IP threat feed. | option | - | disable |
| ips-dos-status | Enable/disable IPS DoS anomaly detection. | option | - | disable |
| ips-sensor | Name of an existing IPS sensor. | string | Not Specified | |
| ips-sensor-status | Enable/disable IPS sensor. | option | - | disable |
| ipv6 | Enable/disable sniffing IPv6 packets. | option | - | disable |
| logtraffic | Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. | option | - | utm |
| max-packet-count | Maximum packet count. | integer | Minimum value: 1 Maximum value: 1000000 ** | 4000 |
| non-ip | Enable/disable sniffing non-IP packets. | option | - | disable |
| port | Ports to sniff. | string | Not Specified | |
| protocol | Integer value for the protocol type as defined by IANA. | string | Not Specified | |
| status | Enable/disable the active status of the sniffer. | option | - | enable |
| vlan | List of VLANs to sniff. | string | Not Specified | |
| webfilter-profile | Name of an existing web filter profile. | string | Not Specified | |
| webfilter-profile-status | Enable/disable web filter profile. | option | - | disable |

** Values may differ between models.
config anomaly
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| name | Anomaly name. | string | Not Specified | |
| status | Enable/disable this anomaly. | option | - | disable |
| log | Enable/disable anomaly logging. | option | - | disable |
| action | Action taken when the threshold is reached. | option | - | pass |
| quarantine | Quarantine method. | option | - | none |
| quarantine-expiry | Duration of quarantine. Requires quarantine set to attacker. | user | Not Specified | 5m |
| quarantine-log | Enable/disable quarantine logging. | option | - | enable |
| threshold | Anomaly threshold. Number of detected instances (packets per second or concurrent session number) that triggers the anomaly action. | integer | Minimum value: 1 Maximum value: 2147483647 | 0 |
| threshold(default) | Number of detected instances. Note that each anomaly has a different threshold value assigned to it. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
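
An added example, not part of the FortiOS documentation: a short Python audit that parses `config firewall sniffer` text and applies the `config anomaly` defaults listed on this page (`status disable`, `log disable`, `action pass`) to find anomaly entries that are disabled, or enabled but passing traffic without a log. The sample configuration, the interface name and the anomaly entry names are constructed for illustration.

```python
import shlex
# Defaults taken from the "config anomaly" table on this page.
ANOMALY_DEFAULTS = {"status": "disable", "log": "disable", "action": "pass"}
# Constructed sample configuration; interface and entry names are illustrative.
SAMPLE = """config firewall sniffer
    edit 1
        set interface "port3"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set action block
            next
            edit "udp_flood"
                set status enable
            next
            edit "icmp_flood"
            next
        end
    next
end"""

def parse_sniffers(text):
    """Parse sniffer config text into {id: {"settings": {}, "anomaly": {}}}."""
    sniffers, sniffer, anomaly, in_anomaly = {}, None, None, False
    for line in text.splitlines():
        cmd, *args = shlex.split(line) or [""]  # blank lines match no branch
        if cmd == "config":
            in_anomaly = args == ["anomaly"]  # nested table inside a sniffer entry
        elif cmd == "edit" and in_anomaly:
            anomaly = sniffer["anomaly"].setdefault(args[0], {})
        elif cmd == "edit":
            sniffer = sniffers.setdefault(args[0], {"settings": {}, "anomaly": {}})
        elif cmd == "set":
            target = anomaly if in_anomaly else sniffer["settings"]
            target[args[0]] = " ".join(args[1:])
        elif cmd == "end":
            in_anomaly = False
    return sniffers

def audit_anomalies(sniffers):
    """Flag anomaly entries that are off, or on but passing traffic with no log."""
    findings = []
    for sid, entry in sniffers.items():
        for name, overrides in entry["anomaly"].items():
            eff = {**ANOMALY_DEFAULTS, **overrides}  # explicit settings win
            if eff["status"] != "enable":
                findings.append((sid, name, "disabled"))
            elif eff["action"] == "pass" and eff["log"] == "disable":
                findings.append((sid, name, "pass-without-log"))
    return findings
```

Calling `audit_anomalies(parse_sniffers(SAMPLE))` reports `udp_flood` as enabled with the default `pass` action and no logging, and `icmp_flood` as left at its default disabled status.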