Configuring Application Rulebase Rules (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Configuring Application Rulebase Rules (NSM Procedure)

The Application Policy Enforcement (APE) rulebase enables you to limit bandwidth for specified users and/or applications. You can configure APE rules to detect network traffic based on application signatures. The APE rules are sent as part of the IDP rulebase, and the attacks are mapped from the corresponding application. The user can define custom application signatures to be used in the APE rules. The custom application is included as part of the policy update for IDP 5.0 and later supported devices (devices that have application identification support).

To configure an APE rulebase rule:

1. In the NSM navigation tree, select Policy Manager > Security Policies.
2. Select and double-click the security policy to which you want to add the APE rulebase rule.
3. Click New in the upper right corner of the policy viewer and select Add Application Rulebase.
4. Click the New button within the rules viewer to add a rule.
5. Modify the property of the rule by right-clicking the table cell for the property and making your modifications.
6. Configure or modify the rule using the settings described in Table 34 on page 58.
7. Click OK to save your changes.

Table 34: APE Rulebase Rule Properties

| Option | Function | Your Action |
|---|---|---|
| No. | Specifies if you want to add, delete, copy, or reorder rules. | Right-click the table cell for the rule number and make your required modifications. |
| Match > Source | Specifies the address object that is the source of the traffic. | Select any to monitor network traffic originating from any IP address. NOTE: For guidelines on specifying match parameters, see the IDP Concepts and Examples Guide. |
| Match > User Role | Specifies the user roles to match the session for the rule to be applied. If a value for User Role matches, the Source parameter is not consulted. Matching based on user role depends on integration with a compatible Juniper Networks IC Series Unified Access Control appliance. | Right-click the table cell to select user roles. |

Copyright © 2010, Juniper Networks, Inc.
