Device Configuration : Protect : Intrusion Prevention : Custom IPS Patterns : Adding IPS Pattern
Adding IPS Pattern
Use Add IPS Pattern page to add Custom IPS Pattern.
The Add IPS Pattern page allows you to add a new Custom IPS Pattern.
1. Go to Device Configuration > Protect > Intrusion Prevention > Custom IPS Patterns and click Add.
2. Enter the IPS Pattern details.
Name
Enter a name to identify the Custom IPS Pattern.
Protocol
Select IPS protocol from the list.
Available Options:
* TCP
* UDP
* ICMP
* ALL
Custom Rule
Specify IPS Pattern definition.
Signature definition must begin with a keyword followed by the value enclosed between the double quotes and must end with semicolon (;)
Format: Keyword: "value";
For example, content: "USER JOHN";
If traffic with the content USER JOHN is detected, action defined in the policy will be taken.
Refer to Appendix B – IPS - Custom IPS Pattern Syntax for more details on creating IPS Pattern.
Severity
Select the level of severity from the available options.
* Critical
* Major
* Moderate
* Minor
* Warning
Recommended Action
Specify action to be taken on the selected policy when matching pattern is found.
Available Actions:
* Allow Packet - Check each packet before taking action.
* Drop Packet - Drop packets.
* Drop Session - Terminate entire session instead of scanning all the session packets to save resources and avoid getting high number of alerts.
* Reset - Send TCP reset packet to the originator.
* Bypass Session - Scan initial packets only. If the initial packets match the pattern then the rest of the session packets are not scanned and the traffic is allowed to pass.
In all the cases, device generates the log and alerts the Network Administrator.
3. Click Save to add the IPS pattern with the options you have configured.