Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 75
Table 34: APE Rulebase Rule Properties (continued)

Option: Action
Function: Specifies which actions to perform against attacks that match rules in your security policy.
Your Action: Right-click the table cell and select any one of the following options:
  None — IDP takes no action against the connection.
  Drop Packet — IDP drops a matching packet before it can reach its destination but does not close the connection.
  Drop Connection — IDP drops the connection without sending an RST packet to the sender, preventing the traffic from reaching its destination.
  Close Client — IDP closes the connection to the client and not to the server.
  Close Server — IDP closes the connection to the server and not to the client.
  Close Client and Server — IDP closes the connection and sends an RST packet to both the client and the server.
  Diffserv Marking — Assigns the indicated service differentiation value to the packet, then passes it on normally.
  Rate Limiting — IDP enforces a rate limit for all current sessions that match the rule (separate limits for client-to-server and server-to-client traffic). If the limit has not been reached, IDP forwards the packets. If the limit has been reached, IDP behaves as if no bandwidth is available.

Option: Notification
Function: Specifies logging options. Packet capture is not applicable for APE rulebase rules.
Your Action: Right-click the table cell and select Configure to display a dialog box where you can configure logging options.

Option: VLAN Tag
Function: Restricts the rule to traffic on certain VLANs. Normally, for a rule to take effect, it must match the packet source, destination, service, and attack objects. If the VLAN cell is populated with a value other than any, then the rule also considers the packet's VLAN tag when determining a match.
Your Action: Right-click the table cell to assign a VLAN object to the rule or to set the VLAN tag value to none.

Option: Install On
Function: Specifies the target IDP devices for the rule. By default, IDP security policy rules can be applied to any IDP device.
Your Action: Right-click the table cell and select Select Target to display a dialog box in which you specify the IDP devices on which the rule can be installed.

Option: Comments
Function: Adds notations about the rule. This setting is optional and does not affect the functionality of the security policy rule.
Your Action: Right-click the table cell and select Edit Comments to display a dialog box where you can make notations about the rule.

You can verify the APE rulebase functionality in your lab and view APE-related statistics in the Command-Line Interface (CLI). It is recommended that you retain the defaults for the APE rulebase. By default:

Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Configuring Security Policies
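As an added illustration that is not part of the Juniper manual, the following Python model shows how an APE rule matches a packet (the VLAN cell is consulted only when it is not "any") and what each Action in Table 34 does to the packet and the connection. The field names, the byte unit for Rate Limiting, the RST handling of one-sided closes (left as "not stated") and all sample values are assumptions.

```python
# Constructed model of APE rule matching and actions; not Juniper code.
from dataclasses import dataclass

ANY = "any"  # VLAN cell value meaning the packet's VLAN tag is not considered
# Action -> (forward packet?, sides the connection is closed towards, sides sent an RST; None = not stated)
ACTIONS = {
    "None": (True, (), ()),
    "Drop Packet": (False, (), ()),
    "Drop Connection": (False, ("client", "server"), ()),
    "Close Client": (False, ("client",), None),
    "Close Server": (False, ("server",), None),
    "Close Client and Server": (False, ("client", "server"), ("client", "server")),
}

@dataclass
class Packet:
    key: tuple                 # (source, destination, service, attack object) as classified by IDP
    vlan: object = None        # 802.1Q tag, None = untagged frame
    direction: str = "c2s"     # "c2s" (client-to-server) or "s2c"
    size: int = 0              # bytes, consumed by Rate Limiting (assumed unit)

@dataclass
class Rule:
    key: tuple                 # (source, destination, service, attack) the rule must match
    action: str                # one of ACTIONS, "Diffserv Marking" or "Rate Limiting"
    vlan: object = ANY         # ANY or a specific VLAN tag
    dscp: int = 0              # value written by Diffserv Marking
    limit: int = 0             # per-direction byte budget for Rate Limiting (assumed unit)

def matches(rule, pkt):
    """Source, destination, service and attack must match; the VLAN tag only when the cell is not 'any'."""
    if rule.key != pkt.key:
        return False
    return rule.vlan == ANY or rule.vlan == pkt.vlan

def apply_rule(rule, pkt, usage):
    """What IDP does with one packet; `usage` tracks bytes already forwarded per direction."""
    out = {"matched": matches(rule, pkt), "forward": True, "close": (), "rst": (), "dscp": None}
    if not out["matched"]:
        return out
    if rule.action in ACTIONS:
        out["forward"], out["close"], out["rst"] = ACTIONS[rule.action]
    elif rule.action == "Diffserv Marking":
        out["dscp"] = rule.dscp          # marked, then passed on normally
    elif rule.action == "Rate Limiting":  # separate limit for each direction
        used = usage.get(pkt.direction, 0) + pkt.size
        out["forward"] = used <= rule.limit  # limit reached: behaves as if no bandwidth is available
        if out["forward"]:
            usage[pkt.direction] = used
    else: raise ValueError(f"unknown action {rule.action!r}")
    return out
```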