Supported Platforms
Related Documentation
- LN, SRX Series
- Security Configuration Statement Hierarchy
- Additional Information
- IDP Signature Database Feature Guide for Security Devices
- IDP Policies Feature Guide for Security Devices
- IDP Application Identification Feature Guide for Security Devices
- IDP SSL Inspection Feature Guide for Security Devices
- Master Administrator for Logical Systems Feature Guide for Security Devices
- IDP Class of Service Action Feature Guide for Security Devices
[edit security idp] Hierarchy Level
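# Statement hierarchy (syntax synopsis) for the [edit security idp] level.
# This is a reference listing, not a loadable configuration.
# Notation: (a | b) = choose one, [x] = list of values, <x> = optional.
# Placeholder names read "percentage-value"; the published listing misspelled them.
security {
    idp {
        active-policy policy-name;
        custom-attack attack-name {
            attack-type {
                anomaly {
                    direction (any | client-to-server | server-to-client);
                    service service-name;
                    shellcode (all | intel | no-shellcode | sparc);
                    test test-condition;
                }
                chain {
                    expression boolean-expression;
                    member member-name {
                        attack-type {
                            (anomaly ...same statements as in [edit security idp custom-attack attack-name attack-type anomaly] hierarchy level | signature ...same statements as in [edit security idp custom-attack attack-name attack-type signature] hierarchy level);
                        }
                    }
                    order;
                    protocol-binding {
                        application application-name;
                        icmp;
                        icmpv6;
                        ip {
                            protocol-number transport-layer-protocol-number;
                        }
                        ipv6 {
                            protocol-number transport-layer-protocol-number;
                        }
                        rpc {
                            program-number rpc-program-number;
                        }
                        tcp {
                            minimum-port port-number <maximum-port port-number>;
                        }
                        udp {
                            minimum-port port-number <maximum-port port-number>;
                        }
                    }
                    reset;
                    scope (session | transaction);
                }
                signature {
                    context context-name;
                    direction (any | client-to-server | server-to-client);
                    negate;
                    pattern signature-pattern;
                    # Header-field matches: each field takes a comparison operator and a value.
                    protocol {
                        icmp {
                            code {
                                match (equal | greater-than | less-than | not-equal);
                                value code-value;
                            }
                            data-length {
                                match (equal | greater-than | less-than | not-equal);
                                value data-length;
                            }
                            identification {
                                match (equal | greater-than | less-than | not-equal);
                                value identification-value;
                            }
                            sequence-number {
                                match (equal | greater-than | less-than | not-equal);
                                value sequence-number;
                            }
                            type {
                                match (equal | greater-than | less-than | not-equal);
                                value type-value;
                            }
                        }
                        ipv4 {
                            destination {
                                match (equal | greater-than | less-than | not-equal);
                                value ip-address-or-hostname;
                            }
                            identification {
                                match (equal | greater-than | less-than | not-equal);
                                value identification-value;
                            }
                            ip-flags {
                                (df | no-df);
                                (mf | no-mf);
                                (rb | no-rb);
                            }
                            protocol {
                                match (equal | greater-than | less-than | not-equal);
                                value transport-layer-protocol-id;
                            }
                            source {
                                match (equal | greater-than | less-than | not-equal);
                                value ip-address-or-hostname;
                            }
                            tos {
                                match (equal | greater-than | less-than | not-equal);
                                value type-of-service-in-decimal;
                            }
                            total-length {
                                match (equal | greater-than | less-than | not-equal);
                                value total-length-of-ip-datagram;
                            }
                            ttl {
                                match (equal | greater-than | less-than | not-equal);
                                value time-to-live;
                            }
                        }
                        ipv6 {
                            destination {
                                match (equal | greater-than | less-than | not-equal);
                                value ip-address-or-hostname;
                            }
                            flow-label {
                                match (equal | greater-than | less-than | not-equal);
                                value flow-label-value;
                            }
                            hop-limit {
                                match (equal | greater-than | less-than | not-equal);
                                value hop-limit-value;
                            }
                            next-header {
                                match (equal | greater-than | less-than | not-equal);
                                value next-header-value;
                            }
                            payload-length {
                                match (equal | greater-than | less-than | not-equal);
                                value payload-length-value;
                            }
                            source {
                                match (equal | greater-than | less-than | not-equal);
                                value ip-address-or-hostname;
                            }
                            traffic-class {
                                match (equal | greater-than | less-than | not-equal);
                                value traffic-class-value;
                            }
                        # The published listing omitted this closing brace, leaving the
                        # braces unbalanced and tcp/udp nested under ipv6; they are
                        # siblings of ipv6 under protocol.
                        }
                        tcp {
                            ack-number {
                                match (equal | greater-than | less-than | not-equal);
                                value acknowledgement-number;
                            }
                            data-length {
                                match (equal | greater-than | less-than | not-equal);
                                value tcp-data-length;
                            }
                            destination-port {
                                match (equal | greater-than | less-than | not-equal);
                                value destination-port;
                            }
                            header-length {
                                match (equal | greater-than | less-than | not-equal);
                                value header-length;
                            }
                            mss {
                                match (equal | greater-than | less-than | not-equal);
                                value maximum-segment-size;
                            }
                            option {
                                match (equal | greater-than | less-than | not-equal);
                                value tcp-option;
                            }
                            sequence-number {
                                match (equal | greater-than | less-than | not-equal);
                                value sequence-number;
                            }
                            source-port {
                                match (equal | greater-than | less-than | not-equal);
                                value source-port;
                            }
                            tcp-flags {
                                (ack | no-ack);
                                (fin | no-fin);
                                (psh | no-psh);
                                (r1 | no-r1);
                                (r2 | no-r2);
                                (rst | no-rst);
                                (syn | no-syn);
                                (urg | no-urg);
                            }
                            urgent-pointer {
                                match (equal | greater-than | less-than | not-equal);
                                value urgent-pointer;
                            }
                            window-scale {
                                match (equal | greater-than | less-than | not-equal);
                                value window-scale-factor;
                            }
                            window-size {
                                match (equal | greater-than | less-than | not-equal);
                                value window-size;
                            }
                        }
                        udp {
                            data-length {
                                match (equal | greater-than | less-than | not-equal);
                                value data-length;
                            }
                            destination-port {
                                match (equal | greater-than | less-than | not-equal);
                                value destination-port;
                            }
                            source-port {
                                match (equal | greater-than | less-than | not-equal);
                                value source-port;
                            }
                        }
                    }
                    protocol-binding {
                        application application-name;
                        icmp;
                        icmpv6;
                        ip {
                            protocol-number transport-layer-protocol-number;
                        }
                        ipv6 {
                            protocol-number transport-layer-protocol-number;
                        }
                        rpc {
                            program-number rpc-program-number;
                        }
                        tcp {
                            minimum-port port-number <maximum-port port-number>;
                        }
                        udp {
                            minimum-port port-number <maximum-port port-number>;
                        }
                    }
                    regexp regular-expression;
                    shellcode (all | intel | no-shellcode | sparc);
                }
            }
            recommended-action (close | close-client | close-server | drop | drop-packet | ignore | none);
            severity (critical | info | major | minor | warning);
            time-binding {
                count count-value;
                scope (destination | peer | source);
            }
        }
        custom-attack-group custom-attack-group-name {
            group-members [attack-or-attack-group-name];
        }
        dynamic-attack-group dynamic-attack-group-name {
            filters {
                category {
                    values [category-value];
                }
                direction {
                    expression (and | or);
                    values [any client-to-server exclude-any exclude-client-to-server exclude-server-to-client server-to-client];
                }
                false-positives {
                    values [frequently occasionally rarely unknown];
                }
                performance {
                    values [fast normal slow unknown];
                }
                products {
                    values [product-value];
                }
                recommended;
                no-recommended;
                service {
                    values [service-value];
                }
                severity {
                    values [critical info major minor warning];
                }
                type {
                    values [anomaly signature];
                }
            }
        }
        idp-policy policy-name {
            # Exempt rules exclude matching traffic from attack detection; keep the
            # address, zone and attack scope of each rule as narrow as possible.
            rulebase-exempt {
                rule rule-name {
                    description text;
                    match {
                        attacks {
                            custom-attack-groups [attack-group-name];
                            custom-attacks [attack-name];
                            dynamic-attack-groups [attack-group-name];
                            predefined-attack-groups [attack-group-name];
                            predefined-attacks [attack-name];
                        }
                        destination-address ([address-name] | any | any-ipv4 | any-ipv6);
                        destination-except [address-name];
                        from-zone (zone-name | any);
                        source-address ([address-name] | any | any-ipv4 | any-ipv6);
                        source-except [address-name];
                        to-zone (zone-name | any);
                    }
                }
            }
            rulebase-ips {
                rule rule-name {
                    description text;
                    match {
                        application (application-name | any | default);
                        attacks {
                            custom-attack-groups [attack-group-name];
                            custom-attacks [attack-name];
                            dynamic-attack-groups [attack-group-name];
                            predefined-attack-groups [attack-group-name];
                            predefined-attacks [attack-name];
                        }
                        destination-address ([address-name] | any | any-ipv4 | any-ipv6);
                        destination-except [address-name];
                        from-zone (zone-name | any);
                        source-address ([address-name] | any | any-ipv4 | any-ipv6);
                        source-except [address-name];
                        to-zone (zone-name | any);
                    }
                    terminal;
                    then {
                        action {
                            class-of-service {
                                dscp-code-point number;
                                forwarding-class forwarding-class;
                            }
                            (close-client | close-client-and-server | close-server | drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);
                        }
                        ip-action {
                            (ip-block | ip-close | ip-notify);
                            log;
                            log-create;
                            refresh-timeout;
                            target (destination-address | service | source-address | source-zone | source-zone-address | zone-service);
                            timeout seconds;
                        }
                        notification {
                            log-attacks {
                                alert;
                            }
                            packet-log {
                                post-attack number;
                                post-attack-timeout seconds;
                                pre-attack number;
                            }
                        }
                        severity (critical | info | major | minor | warning);
                    }
                }
            }
        }
        security-package {
            automatic {
                download-timeout minutes;
                enable;
                interval hours;
                start-time start-time;
            }
            install {
                # NOTE(review): the name suggests the package version check is
                # skipped on install; confirm the effect before enabling.
                ignore-version-check;
            }
            source-address address;
            url url-name;
        }
        sensor-configuration {
            application-identification {
                max-packet-memory-ratio percentage-value;
                max-reass-packet-memory-ratio percentage-value;
                max-tcp-session-packet-memory value;
                max-udp-session-packet-memory value;
            }
            detector {
                protocol-name protocol-name {
                    tunable-name tunable-name {
                        tunable-value protocol-value;
                    }
                }
            }
            flow {
                (allow-icmp-without-flow | no-allow-icmp-without-flow);
                fifo-max-size value;
                hash-table-size value;
                (log-errors | no-log-errors);
                max-sessions-offset value;
                max-timers-poll-ticks value;
                reject-timeout value;
                (reset-on-policy | no-reset-on-policy);
                udp-anticipated-timeout value;
            }
            global {
                (enable-all-qmodules | no-enable-all-qmodules);
                (enable-packet-pool | no-enable-packet-pool);
                gtp (decapsulation | no-decapsulation);
                memory-limit-percent value;
                (policy-lookup-cache | no-policy-lookup-cache);
            }
            high-availability {
                no-policy-cold-synchronization;
            }
            disable-low-memory-handling;
            ips {
                content-decompression-max-memory-kb value;
                content-decompression-max-ratio value;
                (detect-shellcode | no-detect-shellcode);
                fifo-max-size value;
                (ignore-regular-expression | no-ignore-regular-expression);
                log-supercede-min minimum-value;
                pre-filter-shellcode;
                (process-ignore-s2c | no-process-ignore-s2c);
                (process-override | no-process-override);
                process-port port-number;
            }
            log {
                cache-size size;
                suppression {
                    disable;
                    (include-destination-address | no-include-destination-address);
                    max-logs-operate value;
                    max-time-report value;
                    start-log value;
                }
            }
            packet-log {
                host ip-address <port number>;
                max-sessions percentage;
                source-address ip-address;
                total-memory percentage;
            }
            re-assembler {
                # NOTE(review): "ignore" presumably lets traffic that failed
                # reassembly continue without full inspection; confirm before use.
                action-on-reassembly-failure (drop | drop-session | ignore);
                (ignore-memory-overflow | no-ignore-memory-overflow);
                (ignore-reassembly-memory-overflow | no-ignore-reassembly-memory-overflow);
                ignore-reassembly-overflow;
                max-flow-mem value;
                max-packet-mem-ratio percentage-value;
                (tcp-error-logging | no-tcp-error-logging);
            }
            ssl-inspection {
                cache-prune-chunk-size number;
                key-protection;
                maximum-cache-size number;
                session-id-cache-timeout seconds;
                sessions number;
            }
        }
        traceoptions {
            file {
                filename;
                files number;
                match regular-expression;
                # Prefer no-world-readable so that trace output is not readable
                # by every local user on the device.
                (no-world-readable | world-readable);
                size maximum-file-size;
            }
            flag all;
            level (all | error | info | notice | verbose | warning);
            no-remote-trace;
        }
    }
}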
Related Documentation
- LN, SRX Series
- Security Configuration Statement Hierarchy
- Additional Information
- IDP Signature Database Feature Guide for Security Devices
- IDP Policies Feature Guide for Security Devices
- IDP Application Identification Feature Guide for Security Devices
- IDP SSL Inspection Feature Guide for Security Devices
- Master Administrator for Logical Systems Feature Guide for Security Devices
- IDP Class of Service Action Feature Guide for Security Devices
Published: 2014-05-08