Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 76

Configuring dsms

GENERIC FIREWALL

For example, if your device generates the following log messages for accepted
packets:

Aug. 5, 2005 08:30:00 Packet accepted. Source IP: 192.168.1.1
Source Port: 80 Destination IP: 192.168.1.2 Destination Port: 80
Protocol: tcp

The pattern for accepted packets is Packet accepted.

Step 6 Add the following to the file:

accept_pattern=<accept pattern>

Where <accept pattern> is the pattern determined in Step 5. For example:

accept_pattern=Packet accepted

Note: Patterns are case insensitive.

Step 7 Review the file to determine a pattern for denied packets.

For example, if your device generates the following log messages for denied
packets:

Aug. 5, 2005 08:30:00 Packet denied. Source IP: 192.168.1.1
Source Port: 21 Destination IP: 192.168.1.2 Destination Port: 21
Protocol: tcp

The pattern for denied packets is Packet denied.

Step 8 Add the following to the file:

deny_pattern=<deny pattern>

Where <deny pattern> is the pattern determined in Step 7.

Note: Patterns are case insensitive.

Step 9 Review the file to determine a pattern, if present, for the following:

source ip
source port
destination ip
destination port
protocol

For example, if your device generates the following log message:

Aug. 5, 2005 08:30:00 Packet accepted. Source IP: 192.168.1.1
Source Port: 80 Destination IP: 192.168.1.2 Destination Port: 80
Protocol: tcp

The pattern for source IP is Source IP.

Step 10 Add the following to the file:

source_ip_pattern=<source ip pattern>
source_port_pattern=<source port pattern>
destination_ip_pattern=<destination ip pattern>
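The following is an added example, not part of the Juniper manual: a check that runs candidate entries against sample device logs before they go into the file, so that a pattern which matches both accepted and denied messages, or a key typed with a space instead of an underscore, is caught early. The function names are hypothetical, and the extraction rule (the value is the token after the pattern and an optional colon) is an assumption; this page does not state how STRM extracts field values.

```python
import re

# Constructed sample lines modelled on the manual's messages; the last is noise.
SAMPLE_LOGS = [
    "Aug. 5, 2005 08:30:00 Packet accepted. Source IP: 192.168.1.1 Source Port: 80 "
    "Destination IP: 192.168.1.2 Destination Port: 80 Protocol: tcp",
    "Aug. 5, 2005 08:30:05 PACKET DENIED. Source IP: 192.168.1.1 Source Port: 21 "
    "Destination IP: 192.168.1.2 Destination Port: 21 Protocol: tcp",
    "Aug. 5, 2005 08:30:09 Link state changed on eth0",
]
# Candidate entries, limited to the keys shown on this page.
CANDIDATE = """accept_pattern=Packet accepted
deny_pattern=Packet denied
source_ip_pattern=Source IP
source_port_pattern=Source Port
destination_ip_pattern=Destination IP"""

def parse_entries(text):
    """Parse key=value lines; a key containing whitespace is rejected."""
    entries = {}
    for raw in filter(str.strip, text.splitlines()):
        key, sep, value = (part.strip() for part in raw.partition("="))
        if not sep or re.search(r"\s", key) or not value:
            raise ValueError(f"malformed entry: {raw!r}")
        entries[key] = value
    return entries

def classify(line, entries):
    """Case-insensitive substring match, following the manual's note."""
    low = line.lower()
    accepted = entries["accept_pattern"].lower() in low
    denied = entries["deny_pattern"].lower() in low
    if accepted and denied:
        return "ambiguous"
    return "accept" if accepted else "deny" if denied else "unmatched"

def extract_fields(line, entries):
    """Assumption: a field's value is the token after '<pattern>:'."""
    fields = {}
    for key, label in entries.items():
        if key not in ("accept_pattern", "deny_pattern"):
            m = re.search(re.escape(label) + r"\s*:?\s*(\S+)", line, re.IGNORECASE)
            fields[key] = m.group(1) if m else None
    return fields

if __name__ == "__main__":
    entries = parse_entries(CANDIDATE)
    for log in SAMPLE_LOGS:
        print(classify(log, entries), extract_fields(log, entries))
```

Any sample line reported as ambiguous or unmatched, or any field reported as None on a line that should carry it, means the pattern needs revising before it is added to the file.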
