Table of Contents
Advertisement
5.
Click Add to invoke the Network Layer Log Frag dialog box.
6.
Select the desired Action, either log or ignore.
7.
Enter the source IP address or CIDR block for the rule using the following format:
<IP address>/<mask>
Select the appropriate IP version checkbox. Network masks can range from 0-32 for IPv4 and
0-128 for IPv6.
8.
Select the protocol from the Protocol drop-down list or you can enter the protocol's numeric
value. Refer to
wildcard for any protocol.
Note: The protocol is displayed numerically in the Log Broadcast tab's Protocol column.
9.
Click OK. The rule is displayed in the table.
10. Click Edit or Delete to change or delete existing rules.
11. Use the Move Up and Move Down buttons to place the rules in the desired order.
12. Click Commit to add your changes to the policy being configured.
Examples
The following example shows the rules to ignore UDP fragments but log all others.
Table 2-2
on page 2-11 for a list of common protocol values. Use a 0 as a
Configuring the Network Layer Module
Creating Network Sensor Policies and Signatures 2-43
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?