IPS Policy Rules
The Add IPS Policy Rules page allows you to manually configure policy rules.
Once the policy is created, policy rules can be added to take appropriate action for signatures in the policy. Define a rule to configure the action to be taken when a matching traffic pattern is found. If rules have already been added, a list of rules is displayed along with their details, such as signature filtering criteria and action.
1. Go to Device Configuration > Protect > Intrusion Prevention > IPS Policies.
2. Click the edit button against the policy to which you wish to add a rule.
3. Click Add.
4. Specify the following:
Rule Name
Enter a unique name for the IPS policy rule.
5. Enter signature criteria.
Default
Select to view a list of default signatures.
Custom Signature
Select to view a list of custom signatures.
Category
Select IPS signature category from the list of available categories.
Severity
Severity is the level of threat posed by the attack. Select the type of severity from the available options.
Available Options:
Select All
1 - Critical
2 - Major
3 - Moderate
4 - Minor
5 - Warning
Platform
Platform is the OS affected by the attack. Select the platform from the available options:
Available Options:
Select All
Windows
Linux
Unix
MAC
Solaris
BSD
Other
Target
Target is the type of device targeted by the attack. Select the target from available options:
Available Options:
Select All
Client
Server
Smart Filter (available only if Select All is selected)
Enter the partial or full signature name to filter by name.
6. Manage the list of matching signatures.
Select All
Select to choose all the signatures listed for the selected criteria.
The signatures listed depend on the signature criteria.
Select Individual Signature
Select to customize the choice of signatures list for the selected criteria.
The signatures listed depend on the signature criteria.
7. Specify the action details.
Action
Select an action to be taken from the available options:
Available Options:
* Recommended: This action means that you want the OS to handle this alert level according to best-fit recommendations.
* Allow Packet: Allows the packet to its intended destination.
* Drop Packet: Drops the packet if it detects any traffic that matches the signature.
* Disable: Disables the signature if it detects any traffic that matches the signature.
* Drop Session: Drops the entire session if it detects any traffic that matches the signature.
* Reset: Resets the entire session if it detects any traffic that matches the signature.
* Bypass Session: Allows the entire session if it detects any traffic that matches the signature.
8. Click Save.
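When reviewing a policy, the criteria from step 5 and the action from step 7 are worth checking together. The following Python is an added example, not part of the product or its documentation: it models the step 5 criteria and flags rules whose action leaves Critical or Major signatures unblocked. The Signature fields, the rule dictionaries, the AND combination of criteria and the case-insensitive name match are assumptions, and all sample data is constructed.

```python
# Added illustration: a constructed model of the rule form, not the device's rule format.
from dataclasses import dataclass

SEVERITY = {1: "Critical", 2: "Major", 3: "Moderate", 4: "Minor", 5: "Warning"}
# Actions from the list above that let matching traffic through or switch the signature off.
NON_BLOCKING = {"Allow Packet", "Bypass Session", "Disable"}

@dataclass(frozen=True)
class Signature:
    name: str
    category: str
    severity: int         # 1 (Critical) .. 5 (Warning)
    platforms: frozenset  # e.g. {"Windows", "Linux"}
    target: str           # "Client" or "Server"

def select_signatures(signatures, category=None, severities=None,
                      platforms=None, targets=None, smart_filter=None):
    """Return signatures matching every supplied criterion; None means Select All."""
    # Assumptions: criteria combine with AND; Smart Filter is a case-insensitive substring.
    needle = (smart_filter or "").lower()
    return [s for s in signatures
            if (category is None or s.category == category)
            and (severities is None or s.severity in severities)
            and (platforms is None or s.platforms & set(platforms))
            and (targets is None or s.target in targets)
            and needle in s.name.lower()]

def audit_rule(rule, signatures, max_severity=2):
    """List the Critical/Major signatures that a non-blocking rule covers."""
    if rule["action"] not in NON_BLOCKING:
        return []
    matched = select_signatures(signatures, **rule["criteria"])
    return [f'{rule["name"]}: {rule["action"]} on {SEVERITY[s.severity]} signature {s.name}'
            for s in matched if s.severity <= max_severity]

# Constructed sample signatures and rules (names and categories are placeholders).
SIGNATURES = [
    Signature("SAMPLE web server overflow", "sample-web", 1, frozenset({"Linux", "Unix"}), "Server"),
    Signature("SAMPLE browser script probe", "sample-web", 3, frozenset({"Windows"}), "Client"),
    Signature("SAMPLE mail client parser", "sample-mail", 2, frozenset({"Windows", "MAC"}), "Client"),
]
RULES = [
    {"name": "web-block", "action": "Drop Packet", "criteria": {"category": "sample-web"}},
    {"name": "client-bypass", "action": "Bypass Session", "criteria": {"targets": {"Client"}}},
]

if __name__ == "__main__":
    for finding in (f for r in RULES for f in audit_rule(r, SIGNATURES)):
        print(finding)
```

A rule that uses Select All for a criterion together with Allow Packet, Bypass Session or Disable is the combination this check is meant to surface before you click Save.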