Assigning Ids Policies - AudioCodes Mediant 500L User Manual

User's Manual
Parameter
[IDSRule_DenyThresho
ld]
Deny Period
deny-period
[IDSRule_DenyPeriod]

13.3.3 Assigning IDS Policies

The IDS Matches table lets you implement your configured IDS Policies. You do this by
assigning IDS Policies to any, or a combination of the following configuration entities:

SIP Interface: For detection of malicious attacks on specific SIP Interface(s). To
configure SIP Interfaces, see ''Configuring SIP Interfaces'' on page 355.

Proxy Sets: For detection of malicious attacks from specified Proxy Set(s). To
configure Proxy Sets, see ''Configuring Proxy Sets'' on page 378.

Subnet addresses: For detection of malicious attacks from specified subnet
addresses.
You can configure up to 20 IDS Policy-Matching rules.
The following procedure describes how to configure the IDS Match table through the Web
interface. You can also configure it through ini file (IDSMatch) or CLI (configure voip > ids
match).

To configure an IDS Policy-Matching rule:
1. Open the IDS Matches table (Setup menu > Signaling & Media tab > Intrusion
Detection folder > IDS Matches).
2. Click New; the following dialog box appears:
The figure above shows a configuration example where the IDS Policy "SIP Trunk" is
applied to SIP Interfaces 1 and 2, and to all source IP addresses outside of subnet
10.1.0.0/16 and IP address 10.2.2.2.
Version 7.2
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope' parameter
is set to IP or IP+Port.
Defines the duration (in sec) to keep the attacker on the blacklist, if
configured using the 'Deny Threshold' parameter.
The valid range is 0 to 1,000,000. The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope' parameter
is set to IP or IP+Port.
Figure 13-7: IDS Matches Table - Add Dialog Box
Description
181 Mediant 500L Gateway & E-SBC
13. Security