Configuring Intrusion Detection and Prevention Devices Guide
Table 21: IDP Rulebase Match Condition Settings (continued)

Column: User Role
Description:
  Select User Role–Displays the Select User Role dialog box where you can select or configure user role matches.
  If a value for User Role matches, the Source parameter is not consulted.
  User role-based rules are evaluated before IP source rules. If a user role matches, and if the other match criteria are met, the rule is applied and IP address-based rules are not consulted.
  NOTE: Matching based on user role depends on integration with Juniper Networks Infranet Controllers.

Column: Destination
Description:
  Select Address–Displays the Select Address dialog box where you can select address objects for destination servers.
  Any–Matches any destination address.
  Negate–Specifies any except those specified. To use address negation:
  1. Add the address object.
  2. Right-click the address object and select Negate.

Column: Service
Description:
  Default–Matches the service(s) specified in the rule attack object(s).
  If you have enabled the Application Identification (AI) feature, the IDP process engine identifies services even if they are running on nonstandard ports.
  If you have not enabled AI and specify Default, the IDP process engine assumes that standard ports are used for the service.
  NOTE: If you do not enable AI and your service uses nonstandard ports, you must create a custom service object.
  Any–Matches any service.
  Select Service–Displays the Select Service dialog box where you can select predefined or custom service objects.

Column: Terminate
Description:
  Enable or Disable–Marks the rule a terminal rule (or clears the mark). If a session matches a terminal rule, the IDP process engine does not load any subsequent rules. It takes action, if any, according to the terminal rule.

Specifying IDP Rulebase Attack Objects

To add attack objects:
1. Right-click the table cell for attacks and select Select Attacks.
2. In the All Attacks/Groups box, expand Attack Groups.
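The evaluation semantics in Table 21 (user-role rules before IP source rules, Source ignored when a role matches, address negation, the Default service with and without AI, and terminal rules) as a small Python model. This is an added illustration, not Juniper's IDP engine code; the Session and Rule data model, the rule names and the STANDARD_PORTS sample are assumptions.

```python
from dataclasses import dataclass

STANDARD_PORTS = {"http": 80, "smtp": 25}  # constructed sample; used when AI is disabled

@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    dst_port: int
    service: str          # service as AI would identify it, whatever the port
    user_role: str = ""   # empty: no Infranet Controller role known for this session

@dataclass(frozen=True)
class Rule:
    name: str
    user_roles: frozenset = frozenset()       # non-empty: user role-based rule
    src: frozenset = frozenset()              # empty: Any
    dst: frozenset = frozenset()              # empty: Any
    negate_dst: bool = False                  # Negate: any except those in dst
    service: str = "default"                  # "default", "any" or a service name
    attack_services: frozenset = frozenset()  # services of the rule's attack objects
    terminal: bool = False

def service_matches(rule: Rule, s: Session, ai_enabled: bool) -> bool:
    if rule.service != "default":
        return rule.service == "any" or s.service == rule.service
    if ai_enabled:  # AI identifies the service even on a nonstandard port
        return s.service in rule.attack_services
    # Without AI the engine assumes the attack object's service runs on its standard port
    return any(STANDARD_PORTS.get(svc) == s.dst_port for svc in rule.attack_services)

def rule_matches(rule: Rule, s: Session, ai_enabled: bool) -> bool:
    if rule.user_roles:  # user-role rule: the Source parameter is not consulted
        if s.user_role not in rule.user_roles:
            return False
    elif rule.src and s.src not in rule.src:
        return False
    in_dst = not rule.dst or (s.dst in rule.dst) != rule.negate_dst
    return in_dst and service_matches(rule, s, ai_enabled)

def evaluate(rules: list, s: Session, ai_enabled: bool = True) -> list:
    """Names of the rules applied to the session, in evaluation order."""
    applied, role_hit = [], False
    for rule in sorted(rules, key=lambda r: not r.user_roles):  # user-role rules first
        if not rule.user_roles and role_hit:  # a role rule applied: IP rules not consulted
            break
        if rule_matches(rule, s, ai_enabled):
            applied.append(rule.name)
            role_hit = role_hit or bool(rule.user_roles)
            if rule.terminal:  # terminal rule: no subsequent rules are loaded
                break
    return applied
```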
Copyright © 2010, Juniper Networks, Inc.