Specifying Rule Match Conditions - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Table 20: IDP Rulebase Rule Properties (continued)
Property
Severity
Install On
Optional Fields
Comments

Specifying Rule Match Conditions

Table 21: IDP Rulebase Match Condition Settings
Column
From zone / To zone
Source
Copyright © 2010, Juniper Networks, Inc.
Reference
You can use the default severity settings of the selected attack objects, or you can choose a specific
severity for your rule.
Specifies the selected source and destination zone that are available on the security device.
Specifies the optional fields that you can configure in the rule.
Describes any additional comments about the rule.
Following are the updates that you can perform on an IDP rulebase rule:
Specifying Rule Match Conditions on page 37
Specifying IDP Rulebase Attack Objects on page 38
Specifying Rule Session Action on page 39
Specifying Rule IP Action on page 41
Specifying Rule Notification Options on page 42
Specifying Rule VLAN Matches on page 42
Specifying Rule Targets on page 43
Specifying Rule Severity on page 43
Specifying Rule Optional Fields on page 44
Specifying Rule Comments on page 44
To specify rule match conditions, right-click the table cell and select your setting.
Table 21 on page 37 describes match condition columns for IDP rulebase rules.
Description
Not applicable for standalone IDP devices.
Select Address–Display the Select Address dialog box where you can select address objects for
traffic sources.
Any–Matches any source of traffic. To guard against incoming attacks, you typically specify Any.
Negate–Matches any except those specified.
To use address negation:
1. Add the address object.
2. Right-click the address object and select Negate.
Chapter 4: Configuring Security Policies
37