Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 192

186 T P I
IPPING OINT NTRUSION
Configuring an
Action Set
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
P S
REVENTION YSTEM
To configure an action set:
Log in to the Tipping Point system.
From the LSM menu, select IPS > Action Sets.
The IPS Profile - Action Sets window appears.
Click Create Action Set.
The Create/Edit Action Set window appears.
Enter the Action Set Name.
For Actions, select a flow control action setting:
Permit - Allows traffic.
•
Rate Limit - Limits the speed of traffic. If you select Rate Limit, you must also
•
select the desired rate.
Block - Does not permit traffic.
•
• TCP Reset - When used with the Block action, resets the source, destination,
or both IP addresses of an attack. This option resets blocked TCP flows.
Quarantine - When used with the Block action, blocks an IP address (source or
•
destination) that triggers the filter.
Select the Remote System Log check box for each action you have selected.
Click Create.
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a Tipping Point device, choose one of the
following options:
If you are using STRM 6.0, select Tipping Point UnityOne from the Sensor
•
Device Type drop-down list box.
If you are using STRM 6.0.1 and above, select TippingPoint Intrusion
•
Prevention System (IPS) from the Sensor Device Type drop-down list box.
For more information on configuring sensor devices, see the Managing Sensor
Devices Guide. For more information regarding your Tipping Point device, see
your vendor documentation.
Configuring DSMs Guide