Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual page 69


Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Configuring Security Policies

Table 32: Traffic Anomalies Rulebase Rule Properties (continued)

Option: Traffic Anomaly
Function: Specifies how IDP is to treat the matching traffic.
Your Action: Select any of the following options:
- Ignore—IDP ignores this traffic. This option excludes traffic from trusted sources that might be falsely construed as a scan.
- Detect—IDP matches this traffic and takes the IP action that you have set. When you select this option, the Traffic Anomalies dialog box appears. Select the scans or sweeps you want to detect and enter values for Port Count and Time Threshold (in seconds) or Session Count.

Option: IP Action
Function: Allows you to log, drop, or close the current connection for each attack that matches a rule.
Your Action: Select Configure to do any one of the following actions:
- Enabled—Enables IP actions.
- Action—Specifies the action you want the IDP to take.
- Block—Specifies, from the drop-down list, which parameters IDP will use to close or block further connections.
- Logging—Specifies the log action for a matching event.
- Timeout (sec)—Specifies the number of seconds that this action remains in effect on IDP after a traffic match.

Option: Notification
Function: Allows you to create log records with attack information that you can view in real time in the Log Viewer.
NOTE: For more critical attacks, you can also set an alert flag to appear in the log record.
Your Action: Select Configure to create log records.
NOTE: The Configure menu option does not appear if the Mode column is set to None.
- Select Logging to have a log record created each time the rule is matched.
- Select Alert to have an alert flag placed in the Alert column of the Log Viewer for the matching log record.
- In the Log Actions tab, select the desired log actions, if any.
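
The Port Count, Time Threshold, Ignore and Timeout (sec) settings in the table can be read as the inputs of a sliding-window scan detector. The following is an added example, not Juniper or NSM code: the sliding-window semantics, the name detect_scans and the sample traffic (documentation addresses) are assumptions made for illustration.

```python
from collections import defaultdict, deque

def detect_scans(events, port_count, time_threshold, timeout, ignore=()):
    """Flag sources that touch >= port_count distinct ports within
    time_threshold seconds (assumed semantics, for illustration only).

    events: (timestamp_seconds, source_ip, destination_port), sorted by time.
    Returns [(timestamp, source_ip, "alert" | "blocked"), ...].
    """
    window = defaultdict(deque)  # source -> recent (timestamp, port) pairs
    blocked_until = {}           # source -> time at which the IP action expires
    results = []
    for ts, src, port in events:
        if src in ignore:
            continue  # Ignore: trusted source, never evaluated as a scan
        if blocked_until.get(src, float("-inf")) > ts:
            results.append((ts, src, "blocked"))  # IP action still in effect
            continue
        recent = window[src]
        recent.append((ts, port))
        while ts - recent[0][0] > time_threshold:
            recent.popleft()  # age out probes older than the Time Threshold
        if len({p for _, p in recent}) >= port_count:
            results.append((ts, src, "alert"))  # Detect: rule matched, log it
            blocked_until[src] = ts + timeout   # Block for Timeout (sec)
            recent.clear()
    return results

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE = sorted(
    [(t, "198.51.100.7", 20 + t) for t in range(6)]           # 6 ports in 6 s
    + [(40, "198.51.100.7", 80)]                              # after the timeout
    + [(t, "192.0.2.10", 1 + t) for t in range(10)]           # trusted monitor
    + [(20 * i, "203.0.113.5", 8000 + i) for i in range(5)]   # slow client
)

if __name__ == "__main__":
    for row in detect_scans(SAMPLE, port_count=5, time_threshold=10,
                            timeout=30, ignore={"192.0.2.10"}):
        print(row)
```

Running the same sample without the ignore set also raises an alert for the trusted monitor, which is the false positive the Ignore option exists to prevent.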