Network and Security Manager 2010.4 API Guide
Table 15: IDP Rulebase Data Elements (continued)
Data Element
action
diffserv
attacks
ipaction
log
vlan
log-actions
severity
seslog
42
Description
For each attack that matches a rule, you can choose an action that will occur if the IDP detects
interactive traffic. The following actions are possible:
Accept = IDP accepts the interactive traffic
Drop Connection = IDP drops the interactive connection without sending a RST packet reset
flag) to the sender. This prevents the traffic from reaching its destination. This action is selected
to drop connections from traffic that is not prone to spoofing.
Close Client = IDP closes the interactive connection to the client but not to the server.
Close Server = IDP closes the interactive connection to the server but not to the client.
Close Client and Server = IDP closes the interactive connection and sends a RST packet to
both the client and the server. If IDP is operating in an inline tap mode, IDP sends a RST packet
to both the client and the server but does not close the connection.
DiffServ Marking.
Attack objects represent specific patterns of malicious activity within a connection. They also
specify a method for detecting attacks.
Enables and configures an IP action to prevent future malicious connections from the attacker's
IP address.
Deep inspection alert log
This parameter configures a rule that only applies to messages in specified VLANs. The possible
settings are:
Any (default) = Any rule will be applied to messages in any VLAN and to messages without
a VLAN tag. This setting has the same effect as not specifying a VLAN. Any can be sent to
devices that do not support VLAN tagging.
None = A rule will be applied only to messages that do not have a VLAN tag. Rules with this
value set cannot be sent to devices that do not support VLAN tagging.
vlan_list_collection = Specifies the VLAN tags to which the rule applies. You must create VLAN
objects before applying them to the rules. Rules with this value set cannot be sent to devices
that do not support VLAN tagging.
Action to be taken on the log. This can include configuring SNMP, Syslog, CSV, XML, script, and
e-mail settings.
Severity of the attack. Within the IDP rulebase, you can override the ordinary attack severity on
a per-rule basis. Possible settings:
Default
Info
Warning
Minor
Major
Critical
Log packets.
Copyright © 2010, Juniper Networks, Inc.
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 and is the answer not in the manual?
Questions and answers