Operation: Add IPS policy / Update IPS Policy
Description: To Create/Edit IPS Policy for viewing IPS Signatures and configuring the handling of Signatures.  

Sample Configuration
<IPSPolicy> <Name>Name</Name> <Description>Text</Description> <Template>Name of IPS policy</Template> <!-- if template is selected all rules of that template to be inherited and add following if mentioned. if template is not selected only following rules --> <RuleList> <Rule> <RuleName>Rulename</RuleName> <RuleType>Custom Signature/Default Signature</RuleType> <SignaturSelectionType>All Application/Individual Application</SignaturSelectionType> <CategoryList> <Category>All Categories/{Categoryname}</Category> </CategoryList> <SeverityList> <Severity>All Severity/{Severityname}</Severity> </SeverityList> <PlatformList> <Platform>All Platform/{Platformname}</Platform> </PlatformList> <TargetList> <Target>All Target/{Targetname}</Target> </TargetList> <SignatureList> <Signature>{SignatureName}</Signature> </SignatureList> <Action>Allow Packet/Drop Packet/Disable/Drop Session/Reset/Bypass Session/Recommended</Action> </Rule> </RuleList> </IPSPolicy>



Parameter Mandatory Default Description
NameYes  
Specify a name for the IPS Policy.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Character not allowed: Comma (,)
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
DescriptionNo  
Specify description for IPS Policy.
Description confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Rule NameYes  
Specify rule name of IPS Policy.
Rule Name confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 70.
  • Multiple values are allowed.
  • Duplicate values will be ignored.
actionYes  
Select the action to perform when matching traffic pattern is detected.
action confines to:
  • Type is 'ARRAY'.
  • Only 'Recommended', 'Allow Packet', 'Drop Packet', 'Disable', 'Drop Session', 'Reset', 'Bypass Session', '7' are allowed.
  • Multiple values are allowed.
  • Duplicate values will not be ignored.
Select all List of Matching SignatureYes  
Select all the Signatures in the list for defining global action.
Select all List of Matching Signature confines to:
  • Type is 'ARRAY'.
  • Only 'Individual Application', 'All Application' are allowed.
  • Multiple values are allowed.
  • Duplicate values will not be ignored.
Individual Matching SignatureNo  
Select individual Signature in the Category for defining action.
Individual Matching Signature confines to:
  • Type is '2DARRAY'.
  • Datatype is 'STRING'.
CategoryNo  
Category under which the IPS Signature falls.
Category confines to:
  • Type is '2DARRAY'.
  • Datatype is 'STRING'.
SeverityNo  
Severity level of the Signature.
Severity confines to:
  • Type is '2DARRAY'.
  • Datatype is 'STRING'.
PlatformNo  
Platform list by id used in filter
Platform confines to:
  • Type is '2DARRAY'.
  • Datatype is 'STRING'.
TargetNo  
Target list by id used in filter
Target confines to:
  • Type is '2DARRAY'.
  • Datatype is 'STRING'.
Rule TypeYes  
Rule type list. (Default rule list or Custom rule list)
Rule Type confines to:
  • Type is 'ARRAY'.
  • Only 'Default Signature', 'Custom Signature' are allowed.
  • Multiple values are allowed.
  • Duplicate values will not be ignored.



Operation   Status   Message
Add IPS policy200
Add IPS policy500
Add IPS policy502
Add IPS policy522
Add IPS policy505
Add IPS policy506
Update IPS Policy200
Update IPS Policy500
Update IPS Policy502
Update IPS Policy506


© Copyright Sophos Firewall Limited. All rights reserved.
Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.