Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 69

Configuring intrusion detection and prevention devices guide

Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Configuring Security Policies

Table 32: Traffic Anomalies Rulebase Rule Properties (continued)

Option: IP Action
  Function: Allows you to log, drop, or close the current connection for each attack that matches a rule.
  Your Action: Select Configure to do any one of the following actions:
    - Enabled—Enables IP actions.
    - Action—Specifies the action you want the IDP to take.
    - Block—Specifies which parameters IDP will use to close or block further connections from the drop down list.
    - Logging—Specifies the log action for a matching event.
    - Timeout (sec)—Specifies the number of seconds that this action remains in effect on IDP after a traffic match.

Option: Notification
  Function: Allows you to create log records with attack information that you can view real-time in the Log Viewer.
    NOTE: For more critical attacks, you can also set an alert flag to appear in the log record.
  Your Action: Select Configure to create log records.
    NOTE: The Configure menu option does not appear if the Mode column is set to None.
    - Select Logging to have a log record created each time the rule is matched.
    - Select Alert to have an alert flag placed in the Alert column of the Log Viewer for the matching log record.
    - In the Log Actions tab, select desired log actions, if any.

Option: VLAN Tag
  Function: Specifies that you can configure a rule to only apply to messages in certain VLANs.
  Your Action: Set a value by selecting any of the following options:
    - Any—This rule is applied to messages in any VLAN and to messages without a VLAN tag.
    - None—This rule is applied only to messages that do not have a VLAN tag.
    - Select VLAN Tags—Specifies which VLAN tags the rule applies to.

Option: Severity
  Function: Specifies if you can override the inherent attack severity on a per-rule basis within the IDP rulebase.
  Your Action: Set the severity to Default, Info, Warning, Minor, or Critical.
    NOTE: This column only appears when you view the Security Policy in Expanded Mode.