Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 62

Configuring Intrusion Detection and Prevention Devices Guide
Related Topics
46
Table 29: Exempt Rulebase Rule Properties (continued)
Option
Match > To Zone
Match > Destination
Attacks
VLAN Tag
Install On
Comments
For more information, see the IDP Concepts & Examples guide.
Intrusion Detection and Prevention Devices and Security Policies Overview on page 31
Creating a New Security Policy (NSM Procedure) on page 34
Assigning a Security Policy in an Intrusion Detection and Prevention Device (NSM
Procedure) on page 117
Configuring Backdoor Rulebase Rules (NSM Procedure) on page 47
Function
Specifies the destination
zone.
Specifies the address object
that is the destination of the
traffic, typically a server or
other device on your network.
Specifies the attack(s) you
want the IDP to exempt for
the specified source or
destination addresses.
Specifies that you can
configure a rule to only apply
to messages in certain VLANs.
Specifies the security devices
or templates that receive and
use this rule.
Specifies any miscellaneous
comment about the rule's
purpose.
Your Action
Select the destination zone.
Select the destination object.
NOTE: You can also negate one
or more address objects to specify
all destinations except the
excluded object.
Select the attack objects or
groups.
NOTE: You must include at least
one attack object in an exempt
rule.
Set a value by selecting any of the
following options:
Any—This rule is applied to
messages in any VLAN and to
messages without a VLAN tag.
None—This rule is applied only
to messages that do not have a
VLAN tag.
Select VLAN Tags—This rule
pecifies which VLAN tags the
rule applies to.
Select the target security device.
NOTE: You can also select
multiple security devices on which
to install the rule.
Enter any additional comments
about the rule.
Copyright © 2010, Juniper Networks, Inc.