Network and Security Manager Administration Guide
Configuring the Direction Filter
Creating Custom DI Attack Groups
and—If both of the member name patterns match, the expression matches. It does
not matter in which order the members appear.
oand—If both of the member name patterns match, and if they appear in the same
order as in the Boolean Expression, the expression matches.
Example: Boolean Expression
Suppose you have created six signature members, labeled s1 through s5.
Suppose you know that the attack always contains the pattern s1, followed by either s2
or s3. Further, you know that the attack always contains s4 and s5, but their positions in
the attack can vary.
You might create the following Boolean expression:
((s1 oand s2) or (s1 oand s3)) and (s4 and s5)
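The expression above can be checked against sample input with a small evaluator. This is an added example, not code from the guide or from NSM. It assumes traffic has already been reduced to the ordered list of member names whose patterns matched, that "or" matches when either side matches, and that a nested "oand" requires the whole left side to finish before the right side begins. The function names are hypothetical.

```python
import re

OPS = ("and", "oand", "or")

def parse(tokens):
    """expr := term (op term)*, left-associative; use parentheses to group."""
    node = parse_term(tokens)
    while tokens and tokens[0] in OPS:
        op = tokens.pop(0)
        node = (op, node, parse_term(tokens))
    return node

def parse_term(tokens):
    if not tokens:
        raise ValueError("unexpected end of expression")
    tok = tokens.pop(0)
    if tok == "(":
        node = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing closing parenthesis")
        return node
    if tok == ")" or tok in OPS:
        raise ValueError(f"unexpected token {tok!r}")
    return tok  # a member name such as "s1"

def spans(node, seen):
    """Every (first, last) index range in `seen` where `node` matches."""
    if isinstance(node, str):
        return {(i, i) for i, name in enumerate(seen) if name == node}
    op, left, right = node
    l, r = spans(left, seen), spans(right, seen)
    if op == "or":    # assumed semantics: either side matches
        return l | r
    if op == "and":   # both sides match, order irrelevant
        return {(min(a, c), max(b, d)) for a, b in l for c, d in r}
    # oand: both sides match and the left side ends before the right begins
    return {(a, d) for a, b in l for c, d in r if b < c}

def matches(expr, seen):
    """True if the ordered member matches in `seen` satisfy `expr`."""
    tokens = re.findall(r"\(|\)|[A-Za-z_]\w*", expr)
    tree = parse(tokens)
    if tokens:
        raise ValueError(f"trailing tokens: {tokens}")
    return bool(spans(tree, seen))

EXPR = "((s1 oand s2) or (s1 oand s3)) and (s4 and s5)"
```

With constructed input, matches(EXPR, ["s4", "s1", "s5", "s3"]) is True because s1 precedes s3 and both s4 and s5 are present, while ["s2", "s1", "s4", "s5"] fails because s2 appears before s1.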
Configuring the Direction Filter
Use the direction filter to specify the direction (Any, Client-to-Server, Server-to-Client)
of traffic in which the attack object attempts to match an attack. Each attack version in
the attack object retains its own direction; however, you can use the direction filter to
change which direction is monitored by the attack object. Only those attack versions that
match the direction filter are active in the attack object.
By default, the direction filter is automatically set to the direction of the most
recently created or edited attack version.
Creating Custom DI Attack Groups
You can create custom attack object groups to contain your custom DI attack objects.
After you add these custom groups to a DI profile, you can then configure a firewall rule
to use that DI Profile.
All DI attack object groups (both predefined and custom) are considered "static" groups,
meaning that they do not change. To add or delete an attack object from the group, you
must manually edit the group members.
A custom attack object group can contain custom attack objects and other custom
attack object groups. You cannot add predefined attack objects or predefined attack
object groups to a custom attack object group. To use both predefined and custom attack
objects in a firewall rule, create a DI Profile that includes predefined and custom attack
object groups, then use this profile object within the Rule Options of a firewall rule. For
information about creating a DI Profile, see "Creating DI Profiles" on page 338.
NOTE: Attack group names cannot be the same as attack object names.
Copyright © 2010, Juniper Networks, Inc.