Verifying the configuration
# Verify that the device can use the default IPS policy to detect and prevent known network attacks.
(Details not shown.)
For
example,
GNU_Bash_Local_Memory_Corruption_Vulnerability(CVE-2014-718), the device automatically
executes the signature actions (reset and logging) on the packet.
# Verify that the device IPS signature library is updated.
<Device> display ips signature information
IPS signature library automatic update configuration example
Network requirements
As shown in
security zone Untrust.
Configure the device to automatically update the local IPS signature library at a random time
between 08:30 am and 09:30 am every Saturday.
Figure 183 Network diagram
Configuration procedure
1.
Assign IP addresses to interfaces, as shown in
2.
Configure DNS for the device to resolve the domain name of the TippingPoint website into the
IP address. (Details not shown.)
3.
Enable automatic IPS signature library update.
<Device> system-view
[Device] ips signature auto-update
[Device-ips-autoupdate]
# Configure the device to perform automatic update at a random time between 08:30 am and
09:30 am every Saturday.
[Device-ips-autoupdate] update schedule weekly sat start-time 9:00:00 tingle 30
[Device-ips-autoupdate] quit
Verifying the configuration
# Verify that the device IPS signature library is updated as scheduled.
<Device> display ips signature information
if
an
incoming
Figure
183, LAN users in the security zone trust can access Internet resources in the
attack
packet
the
Figure
183. (Details not shown.)
590
predefined
IPS
signature