Table 45: Ape Rule Actions; Configuring Actions For Ape Rules - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

Configuring Actions For APE Rules

480
Select Default to accept the service specified by the attack object you select in the Attacks column. When you select an attack object in the Attack column, the service associated with that attack object becomes the default service for the rule. To see the exact service, view the attack object details.

Select Any to set any service.

Select Service to choose specific services from the list of defined service objects.

For example, to take some action on FTP traffic, set the service to Default and add the application object FTP. The Service column in the rule still displays "Default," but the rule actually uses the default service of TCP-FTP, which is specified in the application object.

You can create your own service objects to use in rules, such as service objects for protocols that use nonstandard ports. However, you cannot match application objects to protocols that they do not use.
You can tell the security device which actions to perform against attacks that match rules in your security policy. For each attack that matches a rule, you can choose to ignore, drop, or close the current packets or connection. If the rule is triggered, the device can perform actions against the connection.

Remember that the device can drop traffic only when IDP is enabled in inline mode; when IDP is enabled in inline tap (sniffer) mode, it cannot perform drop or close actions.

Table 45 on page 480 lists actions for APE rules:

Table 45: APE Rule Actions

Action                   Description

None                     IDP takes no action against the connection. If a rule that
                         contains an action of None is matched, the corresponding log
                         record displays "accept" in the action column of the Log Viewer.

Drop Connection          IDP drops the connection without sending an RST packet to the
                         sender, preventing the traffic from reaching its destination.
                         Use this action to drop connections for traffic that is not
                         prone to spoofing.

Close Client             IDP closes the connection to the client, but not to the server.

Close Server             IDP closes the connection to the server, but not to the client.

Close Client and Server  IDP closes the connection and sends a RST packet to both the
                         client and the server. If IDP is operating in inline tap mode,
                         IDP sends an RST packet to both the client and server but does
                         not close the connection.

Diffserv Marking         IDP assigns the service differentiation value indicated to the
                         packet, then passes it on normally. The value is set in the
                         dialog that appears when you select this action in the rulebase.
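The caveat above (drop and close actions have no effect in inline tap mode, and Close Client and Server only sends resets there) is easy to miss when a policy is moved between deployments. The following is an added example, not code from the NSM product or this guide: a small lint pass over a constructed, flat list of APE rules that reports rules whose action will not do what the author expects for a given IDP mode. The ApeRule class, the "inline"/"inline-tap" mode strings and the sample rules are assumptions made for the example; the action names and their behaviour come from Table 45, and the 0..63 DSCP range is the standard 6-bit field size, assumed here to be what the Diffserv Marking dialog expects.

```python
"""Lint APE rule actions against the IDP deployment mode.

Constructed example; ApeRule is a hypothetical flat representation of a
rule, not NSM's own data model or API.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Action names exactly as Table 45 lists them.
BLOCKING_ACTIONS = {"Drop Connection", "Close Client", "Close Server",
                    "Close Client and Server"}
ALL_ACTIONS = BLOCKING_ACTIONS | {"None", "Diffserv Marking"}
# Assumed mode labels: "inline" is in the data path, "inline-tap" is sniffer mode.
DEPLOYMENT_MODES = ("inline", "inline-tap")


@dataclass
class ApeRule:
    """Hypothetical flat APE rule: a name, an action and an optional DSCP value."""
    name: str
    action: str
    diffserv_value: Optional[int] = None  # only meaningful for "Diffserv Marking"


def lint_rules(rules: List[ApeRule], mode: str) -> List[Tuple[str, str, str]]:
    """Return (rule name, severity, message) findings, in rule order, for rules
    whose action is invalid or will not behave as expected in the given mode."""
    if mode not in DEPLOYMENT_MODES:
        raise ValueError(f"mode must be one of {DEPLOYMENT_MODES}, got {mode!r}")
    findings: List[Tuple[str, str, str]] = []
    for rule in rules:
        if rule.action not in ALL_ACTIONS:
            findings.append((rule.name, "error", f"unknown action {rule.action!r}"))
            continue
        if mode == "inline-tap" and rule.action in BLOCKING_ACTIONS:
            if rule.action == "Close Client and Server":
                # Table 45: in inline tap mode an RST goes to both ends, but the
                # connection is not actually closed.
                msg = ("inline tap mode: RST is sent to client and server, "
                       "but the connection itself is not closed")
            else:
                msg = (f"inline tap mode: {rule.action!r} cannot drop or close "
                       "traffic; the rule will only log")
            findings.append((rule.name, "warning", msg))
        elif rule.action == "None":
            # Table 45: matches on a None rule are logged as "accept".
            findings.append((rule.name, "info",
                             "action None: Log Viewer shows 'accept' for matches"))
        elif rule.action == "Diffserv Marking":
            value = rule.diffserv_value
            # DSCP is a 6-bit field, so valid code points are 0..63 (assumption:
            # the NSM dialog expects a DSCP code point).
            if value is None or not 0 <= value <= 63:
                findings.append((rule.name, "error",
                                 f"Diffserv Marking needs a DSCP value 0..63, "
                                 f"got {value!r}"))
    return findings


# Constructed sample policy used by the demonstration below.
SAMPLE_RULES = [
    ApeRule("block-ftp-bounce", "Drop Connection"),
    ApeRule("reset-http-scan", "Close Client and Server"),
    ApeRule("log-only", "None"),
    ApeRule("mark-voip", "Diffserv Marking", 46),
    ApeRule("bad-dscp", "Diffserv Marking", 99),
    ApeRule("typo", "Drop Connektion"),
]


if __name__ == "__main__":
    for mode in DEPLOYMENT_MODES:
        print(f"== {mode} ==")
        for name, severity, message in lint_rules(SAMPLE_RULES, mode):
            print(f"{severity:8} {name}: {message}")
```

Run in "inline" mode the sample policy yields only the informational note on the None rule and the two errors (bad DSCP value, misspelled action); run in "inline-tap" mode it additionally warns on both blocking rules, which is the case worth catching before a sniffer-mode sensor is expected to stop anything.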
Copyright © 2010, Juniper Networks, Inc.
