Header/Footer IPS
You can create new IPS headers and footers for use in Intrusion Prevention object configuration. When a IPS header/footer is created and assigned to an ADOM, all new and existing Intrusion Prevention objects in that ADOM will include the header and footer.
The Header/Footer IPS table includes the following features in the toolbar:
Create New | Create a new IPS header/footer. |
Edit | Edit an existing IPS header/footer. |
Delete | Delete an existing IPS header/footer. |
ADOM Assignments | Specify to which ADOM(s) an IPS header/footer can be assigned. |
Assign/Un-assign |
Assign the IPS header/footer to one or more ADOMs. ADOMs will not appear in the Assign/Un-assign list unless they have first been specified using ADOM Assignment. When the IPS header/footer is assigned to an ADOM, all new and existing Intrusion Prevention objects within this ADOM are updated to include the IPS headers and footers. |
Column Settings |
Configure which columns are displayed in the Header/Footer IPS table. |
To create an IPS header or footer sensor:
- Change the ADOM to Global Database.
- Click Header/Footer IPS from the navigation menu, and click Create New. The Create New Header/Footer IPS Sensor page is displayed.
- Configure the IPS header/footer, and click OK. The following settings are available:
Name Enter a name. Comments Optionally, enter comments about the IPS header/footer. IPS Signatures and Filters Click Create new, and select Header IPS or Footer IPS to create new IPS signatures and filters.
Filters
When creating filters, the following settings are available: Action (Allow, Monitor, Block, Reset, Default, Quarantine), Packet Logging, Status, and Filter. Click the edit filter icon to create a new filter.
For information on hold-time and CVE filter options, see Intrusion prevention hold-time and CVE filtering.
Signatures
When selecting signatures, the following settings are available: Action (Allow, Monitor, Block, Reset, Default, Quarantine), Packet Logging, Status, Rate-based Setting, Exempt IPs, and Signatures. Click Add Signature to select a new signature.
Revision Enter a change note for any changes made to the IPS header/footer sensor.
Previous changes are displayed under Revision History.
To assign an IPS header/footer to an ADOM:
- Change the ADOM to Global Database.
- Click Header/Footer IPS from the navigation menu, and click ADOM Assignments.
ADOM Assignments determines to which ADOM(s) an IPS header/footer can be assigned. - From the ADOM selector, choose one or more ADOMs, and click OK.
In the Header/Footer IPS table, the header/footer displays that it is not yet applied to the ADOM(s) in the Assign to ADOM column. - Click Assign/Un-assign in the toolbar, select the ADOM where the IPS header/footer will be assigned, and click OK.
In the Header/Footer IPS table, the header/footer displays that it is applied to the selected ADOM. - Navigate to the ADOM where the IPS header/footer was installed, and go to Policy & Objects > Security Profiles > Intrusion Prevention.
All new and existing Intrusion Prevention objects within this ADOM include the IPS headers and footers that were assigned to the ADOM.
To un-assign a global IPS header and footer from an ADOM:
- Change the ADOM to Global Database.
- Click Header/Footer IPS from the navigation menu, and select the IPS header/footer that you want to un-assign.
- Click Assign/Un-assign in the toolbar, and select the Un-assign tab in the dialog window that appears.
- Select the ADOMs to be un-assigned from the ADOM, and click OK.