Configuring the Protocol Analysis Module
7. Configure your filters in the ICMP Log Elements window. Click Add. The Add ICMP Log Element dialog box is displayed.
   a. Select the desired action, either ignore or log, from the Action drop-down menu.
   b. Enter the network source IP address using the following format: <IP address>/<mask>
      Select the appropriate IP version checkbox. Network masks can range from 0-32 for IPv4 and 0-128 for IPv6. To indicate any network, use 0.0.0.0/0 for IPv4 addresses and ::/0 for IPv6 addresses.
   c. Enter the ICMP traffic type to be logged or ignored in the Type field. Refer to Table 2-6 on page 2-66 for a list of ICMP type and code values. To specify any type of traffic, select the Any box.
   d. Enter the ICMP code value. Refer to Table 2-6 on page 2-66 for a list of ICMP type and code values. If no code value is needed, select the Any box.
   e. Click OK to add the filter to the table.
8. Click Edit or Remove to change or delete existing filters.
9. Use the Move Up and Move Down buttons to place the rules in the desired order.
10. Click Commit to add your changes to the policy being configured.

Examples

The following example shows four ICMP filter rules that tell the sensor to ignore echo replies, ICMP errors, and echo requests from any network, but log all other ICMP traffic.

2-68 Creating Network Sensor Policies
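The four-rule example described above, modeled in Python as an added illustration (not taken from the manual or the product). It assumes the sensor applies the first matching rule in table order, and that "ICMP errors" means ICMPv4 types 3, 4, 5, 11 and 12; the names `Rule`, `decide` and `POLICY` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumption: "ICMP errors" = ICMPv4 error types from RFC 792
# (3 unreachable, 4 source quench, 5 redirect, 11 time exceeded, 12 parameter problem).
ICMP_ERRORS = frozenset({3, 4, 5, 11, 12})

@dataclass(frozen=True)
class Rule:
    action: str                      # "ignore" or "log"
    source: str                      # <IP address>/<mask>
    types: Optional[FrozenSet[int]]  # None models the Any box for Type
    code: Optional[int] = None       # None models the Any box for Code

    def matches(self, src: str, icmp_type: int, icmp_code: int) -> bool:
        net = ipaddress.ip_network(self.source, strict=False)
        addr = ipaddress.ip_address(src)
        # An IPv4 rule never matches an IPv6 source, and vice versa.
        if addr.version != net.version or addr not in net:
            return False
        if self.types is not None and icmp_type not in self.types:
            return False
        return self.code is None or self.code == icmp_code

def decide(rules, src, icmp_type, icmp_code):
    """Return the action of the first matching rule (assumed semantics),
    or None when no rule in the table matches."""
    for rule in rules:
        if rule.matches(src, icmp_type, icmp_code):
            return rule.action
    return None

# The four rules from the example text, in table order.
POLICY = [
    Rule("ignore", "0.0.0.0/0", frozenset({0})),  # echo reply
    Rule("ignore", "0.0.0.0/0", ICMP_ERRORS),     # ICMP errors
    Rule("ignore", "0.0.0.0/0", frozenset({8})),  # echo request
    Rule("log", "0.0.0.0/0", None),               # all other ICMP traffic
]

# Constructed sample packets: (source, ICMP type, ICMP code).
SAMPLES = [("192.0.2.10", 8, 0), ("198.51.100.7", 3, 1),
           ("203.0.113.5", 13, 0), ("2001:db8::1", 128, 0)]

if __name__ == "__main__":
    for src, t, c in SAMPLES:
        print(src, t, c, "->", decide(POLICY, src, t, c))
```

Under these assumptions the IPv6 sample matches none of the 0.0.0.0/0 rules, so IPv6 coverage needs its own ::/0 entries, and moving the catch-all log rule above the ignore rules would shadow them.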